CVE-2007-4896

Toms-seiten.at Toms Gastenbuch - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in admin/header.php in Toms Gaestebuch 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang[adminseite], (2) lang[ueberschrift], or (3) einst[metachar] parameter, different vectors than CVE-2007-4711.

Exploits (1)

exploitdb WRITEUP VERIFIED

by hd1979 · textwebappsphp

https://www.exploit-db.com/exploits/30570

View Code ZIP pw:eip

References (6)

[Exploit] http://www.securityfocus.com/bid/25598

[Various Sources] http://www.toms-seiten.at/guest/index.php?language=de

[Various Sources] http://www.toms-seiten.at/iv_downloads/details.php?dl_id=3&language=de

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/478869/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/479992/100/100/threaded

[Third Party Advisory, VDB Entry] http://osvdb.org/38660

Scores

EPSS 0.0051

EPSS Percentile 65.9%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

toms-seiten.at/toms_gastenbuch

toms-seiten.at/toms_gastenbuch

Timeline

Published Sep 14, 2007

Tracked Since Feb 18, 2026