Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2007-5692
HistoryOct 29, 2007 - 8:46 p.m.

CVE-2007-5692

2007-10-2920:46:00
CWE-79
mitre
web.nvd.nist.gov
50
xss
sitebar 3.3.8
remote attackers
web script
html
cve-2007-5692
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.02

Percentile

89.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php; (2) the token parameter in a New Password action, (3) the nid_acl parameter in a Folder Properties action, or (4) the uid parameter in a Modify User action to command.php; or (5) the target parameter to index.php, different vectors than CVE-2006-3320.

Affected configurations

Nvd
Node
sitebarsitebarMatch3.3.8
VendorProductVersionCPE
sitebarsitebar3.3.8cpe:2.3:a:sitebar:sitebar:3.3.8:*:*:*:*:*:*:*

Related

cvelist 2
nvd 2
ubuntucve 2
prion 1
exploitdb 3
nessus 3
debian 2
securityvulns 3
cve 1
openvas 6
osv 1
gentoo 1
packetstorm 1
cvelist
cvelist
CVE-2007-5692
2007-10-29 20:00:00
CVE-2006-3320
2006-06-30 01:00:00
nvd
nvd
CVE-2007-5692
2007-10-29 20:46:00
CVE-2006-3320
2006-06-30 01:05:00
ubuntucve
ubuntucve
CVE-2007-5692
2007-10-29 00:00:00
CVE-2006-3320
2006-06-30 00:00:00
prion
prion
Cross site scripting
2007-10-29 20:46:00
exploitdb
exploitdb
SiteBar 3.3.8 - 'index.php?target' Cross-Site Scripting
2007-10-18 00:00:00
SiteBar 3.3.8 - 'integrator.php?lang' Cross-Site Scripting
2007-10-18 00:00:00
SiteBar 3.3.8 - 'command.php?Modify User Action uid' Cross-Site Scripting
2007-10-18 00:00:00
nessus
nessus
Debian DSA-1130-1 : sitebar - missing input validation
2006-10-14 00:00:00
Debian DSA-1423-1 : sitebar - several vulnerabilities
2007-12-11 00:00:00
GLSA-200711-05 : SiteBar: Multiple issues
2007-11-07 00:00:00
debian
debian
[SECURITY] [DSA 1130-1] New sitebar packages fix cross-site scripting
2006-08-01 15:02:12
[SECURITY] [DSA 1423-1] New sitebar packages fix several vulnerabilities
2007-12-07 18:56:32
securityvulns
securityvulns
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2007-10-20 00:00:00
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2007-12-09 00:00:00
Serious holes affecting SiteBar 3.3.8
2007-10-20 00:00:00
cve
cve
CVE-2006-3320
2006-06-30 01:05:00
openvas
openvas
Debian Security Advisory DSA 1130-1 (sitebar)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1130-1)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1423-1)
2008-01-17 00:00:00
osv
osv
sitebar - several vulnerabilities
2007-12-07 00:00:00
gentoo
gentoo
SiteBar: Multiple issues
2007-11-06 00:00:00
packetstorm
packetstorm
NDSA20071016.txt
2007-10-22 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.02

Percentile

89.2%

JSON
Related for CVE-2007-5692
cvelist2nvd2ubuntucve2prion1exploitdb3nessus3debian2securityvulns3cve1openvas6osv1gentoo1packetstorm1