CVE-2007-5692
Sitebar - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php; (2) the token parameter in a New Password action, (3) the nid_acl parameter in a Folder Properties action, or (4) the uid parameter in a Modify User action to command.php; or (5) the target parameter to index.php, different vectors than CVE-2006-3320.
Exploits (3)
exploitdb
WRITEUP
VERIFIED
by Robert Buchholz · textwebappsphp
https://www.exploit-db.com/exploits/30686
exploitdb
WRITEUP
VERIFIED
by Robert Buchholz · textwebappsphp
https://www.exploit-db.com/exploits/30685
exploitdb
WRITEUP
VERIFIED
by Robert Buchholz · textwebappsphp
https://www.exploit-db.com/exploits/30684
References (14)
Scores
EPSS
0.0561
EPSS Percentile
90.2%
Classification
CWE
CWE-79
Status
draft
Affected Products (1)
sitebar/sitebar
Timeline
Published
Oct 29, 2007
Tracked Since
Feb 18, 2026