CVE-2008-3503

Plain Black WebGUI <7.5.13 - Info Disclosure

Title source: llm

Description

RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).

References (6)

[Vendor Advisory] http://secunia.com/advisories/30782

[Various Sources] http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/

[Various Sources] http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43344

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29927

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1932/references

Scores

EPSS 0.0044

EPSS Percentile 62.8%

Classification

CWE

CWE-287

Status draft

Affected Products (50)

webgui/plain_black_webgui

... and 35 more

Timeline

Published Aug 06, 2008

Tracked Since Feb 18, 2026