
CVE-2007-4588
Date: (C)2007-08-28   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
http://www.securityfocus.com/archive/1/477848/100/0/threaded
BID-25451
SECUNIA-26586
SREASON-3070
OSVDB-36739
OSVDB-36740
OSVDB-36742
OSVDB-36743
OSVDB-36744
OSVDB-36745
OSVDB-36746
OSVDB-36747
OSVDB-36748
OSVDB-36749
OSVDB-36750
OSVDB-36751
OSVDB-36752
OSVDB-36753
OSVDB-36755
OSVDB-36756
OSVDB-36757
OSVDB-36758
OSVDB-36759
OSVDB-36761
OSVDB-36762
OSVDB-36763
OSVDB-36764
OSVDB-36765
OSVDB-36766
http://interworx.com/forums/showthread.php?t=2501
http://www.hackerscenter.com/archive/view.asp?id=27884
interworx-nodeworx-multiple-file-include(36301)
interworxcp-index-xss(36297)

CPE    1
cpe:/a:interworx:web_control_panel:3.0.2
CWE    1
CWE-79

© SecPod Technologies