CVE-2007-5251

Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 allow remote attackers to inject arbitrary web script or HTML via (1) the showOption parameter to domain.asp, or the (2) Folder or (3) StartPath parameter to FileManager.asp.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://pridels-team.blogspot.com/2007/10/helm-xss-vuln.html
http://secunia.com/advisories/27080
http://www.securityfocus.com/bid/25940
https://exchange.xforce.ibmcloud.com/vulnerabilities/36962

Configurations

Configuration 1 (hide)

cpe:2.3:a:webhost_automation:helm_web_hosting_control_panel:3.2.16:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-10-06 17:17

Updated : 2023-12-10 10:40

NVD link : CVE-2007-5251

Mitre link : CVE-2007-5251

CVE.ORG link : CVE-2007-5251

JSON object : View

Products Affected

webhost_automation

helm_web_hosting_control_panel

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

4.3 /10