CVE-2007-6367
SineCMS <2.3.4 - XSS
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by KiNgOfThEwOrLd · textwebappsphp
https://www.exploit-db.com/exploits/4693
References (6)
Scores
EPSS
0.0650
EPSS Percentile
91.0%
Classification
CWE
CWE-79
Status
draft
Affected Products (1)
sinecms/sinecms
< 2.3.4
Timeline
Published
Dec 15, 2007
Tracked Since
Feb 18, 2026