CVE-2007-5251

Webhost Automation Helm Web Hosting Control Panel - CSRF

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 allow remote attackers to inject arbitrary web script or HTML via (1) the showOption parameter to domain.asp, or the (2) Folder or (3) StartPath parameter to FileManager.asp.

References (4)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36962

[Various Sources] http://pridels-team.blogspot.com/2007/10/helm-xss-vuln.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25940

[Third Party Advisory] http://secunia.com/advisories/27080

Scores

EPSS 0.0013

EPSS Percentile 32.8%

Classification

CWE

CWE-352

Status draft

Affected Products (1)

webhost_automation/helm_web_hosting_control_panel

Timeline

Published Oct 06, 2007

Tracked Since Feb 18, 2026