Description
Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by Adrian Pastor · textwebappsasp
https://www.exploit-db.com/exploits/30843
exploitdb
WRITEUP
VERIFIED
by Adrian Pastor · textwebappsasp
https://www.exploit-db.com/exploits/30844
References (9)
Core 9
Core References
Various Sources x_refsource_misc
http://www.procheckup.com/Vulnerability_PR07-39.php
Various Sources x_refsource_confirm
http://www.xigla.com/news/default.aspx
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26692
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/40578
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38872
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/40577
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38873
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=119678724111351&w=2
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27923
Scores
EPSS
0.1147
EPSS Percentile
93.6%
Details
CWE
CWE-79
Status
published
Products (1)
xigla/absolute_news_manager.net
5.1
Published
Dec 07, 2007
Tracked Since
Feb 18, 2026