Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Falcon | Series One Cms | 1.4.3 |
References
- http://osvdb.org/40987
- http://secunia.com/advisories/28047Vendor Advisory
- http://www.vupen.com/english/advisories/2007/4173
- https://www.exploit-db.com/exploits/4712
- http://osvdb.org/40987
- http://secunia.com/advisories/28047Vendor Advisory
- http://www.vupen.com/english/advisories/2007/4173
- https://www.exploit-db.com/exploits/4712
FAQ
What is CVE-2007-6489?
CVE-2007-6489 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text param...
How severe is CVE-2007-6489?
CVE-2007-6489 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6489?
Check the references section above for vendor advisories and patch information. Affected products include: Falcon Series One Cms.