Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xigla | Absolute News Manager.Net | 5.1 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=119678724111351&w=2
- http://osvdb.org/40577
- http://osvdb.org/40578
- http://secunia.com/advisories/27923Vendor Advisory
- http://www.procheckup.com/Vulnerability_PR07-39.php
- http://www.securityfocus.com/bid/26692ExploitPatch
- http://www.xigla.com/news/default.aspx
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38872
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38873
- http://marc.info/?l=bugtraq&m=119678724111351&w=2
- http://osvdb.org/40577
- http://osvdb.org/40578
- http://secunia.com/advisories/27923Vendor Advisory
- http://www.procheckup.com/Vulnerability_PR07-39.php
- http://www.securityfocus.com/bid/26692ExploitPatch
FAQ
What is CVE-2007-6270?
CVE-2007-6270 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and...
How severe is CVE-2007-6270?
CVE-2007-6270 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6270?
Check the references section above for vendor advisories and patch information. Affected products include: Xigla Absolute News Manager.Net.