CVE-2007-5692 in SiteBarinfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php; (2) the token parameter in a New Password action, (3) the nid_acl parameter in a Folder Properties action, or (4) the uid parameter in a Modify User action to command.php; or (5) the target parameter to index.php, different vectors than CVE-2006-3320.

Once again VulDB remains the best source for vulnerability data.

Reservation

10/29/2007

Disclosure

10/29/2007

Moderation

VulDB entry created

Entries

VDB-39442 (1)

CPE

ready

CWE

CWE-79 (Confirmed)

Exploit

Download

CVSS

4.3

EPSS

0.05615

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-5692
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-5692
CVE Details	https://www.cvedetails.com/cve/CVE-2007-5692/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!