CVE-2007-6374 in Bitweaverinfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

12/14/2007

Disclosure

12/14/2007

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
40059	Bitweaver register.php cross site scripting	79	Proof-of-Concept	Not defined	CVE-2007-6374

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!