CVE-2007-2337
Last modified
CVE-2007-2337 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module.. EPSS estimates a 1.82% chance of exploitation in the next 30 days.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Oicgroup | Exponent Cms | <= 0.96.6 | Alpha |
| Oicgroup | Exponent Cms | 0.94 | — |
| Oicgroup | Exponent Cms | 0.95 | — |
| Oicgroup | Exponent Cms | 0.96.1 | — |
| Oicgroup | Exponent Cms | 0.96.3 | — |
| Oicgroup | Exponent Cms | 0.96.4 | — |
| Oicgroup | Exponent Cms | 0.96.5 | Rc1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-2337?
How severe is CVE-2007-2337?
How do I fix CVE-2007-2337?
Are you affected by CVE-2007-2337?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST