Description
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb (DNews News Server) 57e1 allow remote attackers to inject arbitrary web script or HTML via the (1) group or (2) utag parameter.
Exploits (1)
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37031
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481865/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27163
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3452
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/37651
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3208
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25981
Scores
EPSS
0.0076
EPSS Percentile
73.4%
Details
CWE
CWE-79
Status
published
Products (1)
netwin/dnewsweb
57e1
Published
Oct 11, 2007
Tracked Since
Feb 18, 2026