Description
Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) 0.2 allow remote attackers to inject arbitrary web script or HTML via the wndtitle parameter to (1) lang-en.php, (2) menu-ed.php, or (3) titletext-ed.php.
Exploits (3)
exploitdb
WRITEUP
VERIFIED
by Aria-Security Team · textwebappsphp
https://www.exploit-db.com/exploits/30435
exploitdb
WRITEUP
VERIFIED
by Aria-Security Team · textwebappsphp
https://www.exploit-db.com/exploits/30434
exploitdb
WRITEUP
VERIFIED
by Aria-Security Team · textwebappsphp
https://www.exploit-db.com/exploits/30433
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35663
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/37256
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25129
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2953
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/37255
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/37254
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/39026
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/39025
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/39024
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/475064/100/0/threaded
Scores
EPSS
0.0242
EPSS Percentile
85.2%
Details
Status
published
Products (1)
itcms/itcms
0.2
Published
Jul 31, 2007
Tracked Since
Feb 18, 2026