CVE-2007-6608

Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5.2-pre4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) LAST and (2) FIRST parameters to admin/staff_del_confirm.php, (3) the name parameter to admin/theme_del_confirm.php, or (4) the themeName parameter to admin/theme_preview.php.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openbiblio:openbiblio:0.2:*:*:*:*:*:*:*
cpe:2.3:a:openbiblio:openbiblio:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openbiblio:openbiblio:0.3:*:*:*:*:*:*:*
cpe:2.3:a:openbiblio:openbiblio:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:openbiblio:openbiblio:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:openbiblio:openbiblio:0.5.2_pre4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-12-31 20:46

Updated : 2024-02-28 11:01


NVD link : CVE-2007-6608

Mitre link : CVE-2007-6608

CVE.ORG link : CVE-2007-6608


JSON object : View

Products Affected

openbiblio

  • openbiblio
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')