CVE-2007-6608
OpenBiblio <=0.5.2-pre4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5.2-pre4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) LAST and (2) FIRST parameters to admin/staff_del_confirm.php, (3) the name parameter to admin/theme_del_confirm.php, or (4) the themeName parameter to admin/theme_preview.php.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Juan Galiana Lara · html · webapps · php
https://www.exploit-db.com/exploits/30951
exploitdb
WRITEUP
VERIFIED
by Juan Galiana Lara · text · webapps · php
https://www.exploit-db.com/exploits/30948
exploitdb
WRITEUP
VERIFIED
by Juan Galiana Lara · text · webapps · php
https://www.exploit-db.com/exploits/30949
References (9)
Scores
EPSS
0.0198
EPSS Percentile
83.4%
Classification
CWE
CWE-79
Status
draft
Affected Products (6)
openbiblio/openbiblio
openbiblio/openbiblio
openbiblio/openbiblio
openbiblio/openbiblio
openbiblio/openbiblio
openbiblio/openbiblio
Timeline
Published
Dec 31, 2007
Tracked Since
Feb 18, 2026