CVE-2013-7368
published 2014-04-15
Priority: P4 21 | medium | 4.3 CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 3.22% (86.6th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) category_id parameter to news/submit.php; news_id parameter to (5) news/send.php or (6) comments/add.php; or (7) post_subject or (8) thread_id parameter to posts/edit.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| raoul_proenca | gnew | — | — |
No detection rules found.
Exploit-DB
Gnew 2013.1 - Multiple Vulnerabilities (1)
exploitdb·2013-08-12
CVE-2013-7368 Gnew 2013.1 - Multiple Vulnerabilities (1)
---
Gnew v2013.1 Multiple XSS And SQL Injection Vulnerabilities
Vendor: Raoul Proença
Product web page: http://www.gnew.fr
Affected version: 2013.1
Summary: Gnew is a simple Content Management
System written with PHP language and using a
database server (MySQL, PostgreSQL or SQLite)
for storage.
Desc: Input passed via several parameters is not properly
sanitised before being returned to the user or used in SQL
queries. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code and HTML/script code in a
user's browser session in context of an affected site.
| PARAM | TYPE | FILE |
|---|---|---|
| gnew_template | XSS | /users/profile.php, /articles/index.php, /admin/polls.php |
Exploit-DB
DELL Quest One Password Manager - CAPTCHA Security Bypass
exploitdb·2011-10-21
CVE-2013-6246 DELL Quest One Password Manager - CAPTCHA Security Bypass
---
source: https://www.securityfocus.com/bid/63259/info
DELL Quest One Password Manager is prone to a security bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and gain access to sensitive areas of the application to perform unauthorized actions; this may aid in launching further attacks.
ScenarioActionId=42696720-7368-6974-2070-726F64756374&UserName=domain%5Cuser&Search=false
No writeups or analysis indexed.
http://packetstormsecurity.com/files/122771
http://www.securityfocus.com/bid/61721
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5153.php
https://www.netsparker.com/critical-xss-sql-injection-vulnerabilities-gnew/