4.3

CVE-2007-4589

Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and unspecified vectors to (13) cron.php and (14) prefs.php.
Data provided by the National Vulnerability Database (NVD)
Interworx Web Control Panel, Version 3.0.2
No advisory was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 1.71% | 0.743
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://interworx.com/forums/showthread.php?t=2501
http://secunia.com/advisories/26586
http://securityreason.com/securityalert/3070
http://www.hackerscenter.com/archive/view.asp?id=27884
http://www.securityfocus.com/archive/1/477848/100/0/threaded
http://www.securityfocus.com/bid/25451
https://exchange.xforce.ibmcloud.com/vulnerabilities/36297
http://osvdb.org/36767
http://osvdb.org/36768
http://osvdb.org/36769
http://osvdb.org/36770
http://osvdb.org/36771
http://osvdb.org/36772
http://osvdb.org/36773
http://osvdb.org/36774
http://osvdb.org/36775
http://osvdb.org/36776
http://osvdb.org/36777
http://osvdb.org/36778
http://osvdb.org/36779
http://osvdb.org/36780
https://exchange.xforce.ibmcloud.com/vulnerabilities/36300