CVE-2007-3137
WmsCMS <= 2.0 - Cross-Site Scripting via 4print.asp Parameters
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2007-3137. PoCs published by Glafkos Charalambous.
Description
Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is incorrect.
Exploits (2)
The provided text describes a cross-site scripting (XSS) vulnerability in WmsCMS 2.0, where user-supplied input is not properly sanitized. It includes example URLs demonstrating the vulnerability but does not contain executable exploit code.
This advisory details XSS and SQL injection vulnerabilities in WMSCMS, specifically in parameters like 'search', 'sbr', and 'pid' in default.asp and printpage.asp. It provides technical details on affected parameters and attack vectors but does not include functional exploit code.