CVE-2007-2206

Ripe Website Manager < 0.8.4 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a leading "<"<" in the ripeformpost parameter.

References (8)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2007-04/0384.html

[Various Sources] http://john-martinelli.com/work/ripe.txt

[Third Party Advisory, VDB Entry] http://osvdb.org/35362

[Vendor Advisory] http://secunia.com/advisories/24984

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33817

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23597

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1519

[Third Party Advisory] http://securityreason.com/securityalert/2602

Scores

EPSS 0.0054

EPSS Percentile 67.2%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

ripe_website_manager/ripe_website_manager < 0.8.4

Timeline

Published Apr 24, 2007

Tracked Since Feb 18, 2026