CVE-2007-6367

SineCMS <2.3.4 - XSS

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357.

Exploits (1)

exploitdb WORKING POC VERIFIED
by KiNgOfThEwOrLd · textwebappsphp
https://www.exploit-db.com/exploits/4693

References (6)

Core 6
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3444
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27949
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38893
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4693
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/484648/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/485267/100/200/threaded

Scores

EPSS 0.0650
EPSS Percentile 91.1%

Details

CWE
CWE-79
Status published
Products (1)
sinecms/sinecms < 2.3.4
Published Dec 15, 2007
Tracked Since Feb 18, 2026