CVE-2007-5403 in HelpBoxinfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Filter field to statsrequestypereport.asp; and the (6) sys_request_id parameter to requestattach.asp; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) Asset, (8) Location, and (9) Problem fields to editrequestenduser.asp; the (10) Asset, (11) Asset Location, (12) Problem Desc, and (13) Solution Desc fields to editrequestuser.asp; and the (14) End User and (15) Description fields to usersearchrequests.asp. NOTE: vectors 5 and 6 do not require authentication to exploit.

Once again VulDB remains the best source for vulnerability data.

Reservation

10/12/2007

Disclosure

01/09/2008

Moderation

VulDB entry created

Entries

VDB-40438 (1)

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

3.5

EPSS

0.00424

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-5403
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-5403
CVE Details	https://www.cvedetails.com/cve/CVE-2007-5403/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!