1. CVE-Search
  2. CVE-2007-3017
ID CVE-2007-3017
Summary The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp.
References
Vulnerable Configurations
  • cpe:2.3:a:activeweb:contentserver:*:*:*:*:*:*:*:*
    cpe:2.3:a:activeweb:contentserver:*:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 16-10-2018 - 16:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:N
refmap via4
bid 24898
bugtraq 20070713 ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content
misc http://www.redteam-pentesting.de/advisories/rt-sa-2007-006.php
osvdb 39745
secunia 26063
sreason 2900
xf activeweb-worklistedit-xss(35399)
Last major update 16-10-2018 - 16:46
Published 17-07-2007 - 00:30
Last modified 16-10-2018 - 16:46
Back to Top