CVE-2007-5370

NetWin DNewsWeb 57e1 - Cross-Site Scripting via Group or Utag Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5370. PoCs published by Doz.

AI-analyzed exploit summary The provided text describes multiple cross-site scripting (XSS) vulnerabilities in DNews due to improper input sanitization. It includes example URLs demonstrating the vulnerabilities but does not contain executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb (DNews News Server) 57e1 allow remote attackers to inject arbitrary web script or HTML via the (1) group or (2) utag parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Doz · textwebappscgi

https://www.exploit-db.com/exploits/30649

View Code ZIP pw:eip

The provided text describes multiple cross-site scripting (XSS) vulnerabilities in DNews due to improper input sanitization. It includes example URLs demonstrating the vulnerabilities but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: DNews 57e1

No auth needed

Prerequisites: Access to the vulnerable DNews web interface

MITRE ATT&CK