Description
RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43344
Various Sources x_refsource_misc
http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/
Various Sources x_refsource_confirm
http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29927
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30782
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1932/references
Scores
EPSS
0.0151
EPSS Percentile
71.2%
Details
CWE
CWE-287
Status
published
Products (50)
webgui/plain_black_webgui
0.9.0
webgui/plain_black_webgui
0.10.0
webgui/plain_black_webgui
0.11.0
webgui/plain_black_webgui
0.12.0
webgui/plain_black_webgui
1.0.0
webgui/plain_black_webgui
1.0.1
webgui/plain_black_webgui
1.1.0
webgui/plain_black_webgui
1.2.0
webgui/plain_black_webgui
1.2.1
webgui/plain_black_webgui
1.3.0
... and 40 more
Published
Aug 06, 2008
Tracked Since
Feb 18, 2026