Cross-Site Scripting Vulnerabilities in NetWin DNewsWeb by NetWin
CVE-2007-5370

Currently unrated

Key Information:

Vendor: Netwin
Status: Dnewsweb
Vendor: CVE Published:; 11 October 2007

What is CVE-2007-5370?

The NetWin DNewsWeb (DNews News Server) version 57e1 suffers from multiple cross-site scripting (XSS) vulnerabilities. Attackers can leverage these weaknesses to inject arbitrary web scripts or HTML via the 'group' or 'utag' parameters. This can lead to unauthorized access and manipulation of user sessions, making it crucial for users to apply necessary security measures.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/37031

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/481865/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/27163

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Oct 11, 2007
Vulnerability Reserved
Oct 10, 2007

Netwin

What is CVE-2007-5370?

References

Timeline