CVE

Id
25334  
CVE No.
CVE-2007-1977  
Status
Candidate  
Description
Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter.  
Phase
Assigned (20070411)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
252625 25334 CVE-2007-1977 BUGTRAQ:20070403 [MajorSecurity Advisory #37]HolaCMS - Cross Site Scripting Issue  View
252626 25334 CVE-2007-1977 URL:http://www.securityfocus.com/archive/1/archive/1/464572/100/200/threaded  View
252627 25334 CVE-2007-1977 MISC:http://www.majorsecurity.de/index_2.php?major_rls=major_rls37  View
252628 25334 CVE-2007-1977 BID:23288  View
252629 25334 CVE-2007-1977 URL:http://www.securityfocus.com/bid/23288  View
252630 25334 CVE-2007-1977 OSVDB:34685  View
252631 25334 CVE-2007-1977 URL:http://osvdb.org/34685  View
252632 25334 CVE-2007-1977 SECUNIA:24656  View
252633 25334 CVE-2007-1977 URL:http://secunia.com/advisories/24656  View
252634 25334 CVE-2007-1977 XF:holacms-indexcms-xss(33392)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
56700 JVNDB-2007-005392 XOOPS 用の PopnupBlog モジュールにおける SQL インジェクションの脆弱性 XOOPS 用の PopnupBlog モジュールの index.php は、class/PopnupBlogUtils.php 内の get_blogid_from_postid 関数に関する処理に不備があるため、SQL インジェクションの脆弱性が存在します。 CVE-2007-1979 25334 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005392.html  View