CVE-2007-5692

2007-10-2900:00:00

ubuntu.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.02

Percentile

89.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow
remote attackers to inject arbitrary web script or HTML via (1) the lang
parameter to integrator.php; (2) the token parameter in a New Password
action, (3) the nid_acl parameter in a Folder Properties action, or (4) the
uid parameter in a Modify User action to command.php; or (5) the target
parameter to index.php, different vectors than CVE-2006-3320.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/sitebar/+bug/175319>

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchsitebar< 3.3.8-12.1UNKNOWN
ubuntu8.10noarchsitebar< 3.3.8-12.1UNKNOWN
ubuntu9.04noarchsitebar< 3.3.8-12.1UNKNOWN
ubuntu9.10noarchsitebar< 3.3.8-12.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	sitebar	< 3.3.8-12.1	UNKNOWN
ubuntu	8.10	noarch	sitebar	< 3.3.8-12.1	UNKNOWN
ubuntu	9.04	noarch	sitebar	< 3.3.8-12.1	UNKNOWN
ubuntu	9.10	noarch	sitebar	< 3.3.8-12.1	UNKNOWN