Activeweb

Contentserver

4 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4

CVE-2007-3017

Exploit
  • EPSS 8.69%
  • Published 17.07.2007 00:30:00
  • Last modified 09.04.2025 00:30:58

The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to...

4

CVE-2007-3018

  • EPSS 0.52%
  • Published 17.07.2007 00:30:00
  • Last modified 09.04.2025 00:30:58

activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories.

6.5

CVE-2007-3013

Exploit
  • EPSS 1.07%
  • Published 15.07.2007 23:30:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecifie...

4.3

CVE-2007-3014

Exploit
  • EPSS 13.62%
  • Published 15.07.2007 23:30:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name...