Jetbox CMS Multiple Cross Site Scripting Vulnerabilities

Bugtraq ID:	23999
Class:	Input Validation Error
CVE:	CVE-2007-2732
Remote:	Yes
Local:	No
Published:	May 15 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	Mikhail Markin, Tomas Kuliavas and Michael Jordon are credited with the discovery of these vulnerabilities.
Vulnerable:	Jetbox Jetbox CMS 2.1
Not Vulnerable:

Jetbox CMS Multiple Cross Site Scripting Vulnerabilities

Jetbox CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

Jetbox CMS 2.1 is vulnerable.

Jetbox CMS Multiple Cross Site Scripting Vulnerabilities

Attackers can use a browser to exploit these issues.

Example URIs have been provided:

• /data/vulnerabilities/exploits/23999.html

Jetbox CMS Multiple Cross Site Scripting Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Jetbox CMS Multiple Cross Site Scripting Vulnerabilities

References:

• Jetbox CMS Homepage (Jetbox)
  
• Re: Jetbox CMS version 2.1 E-Mail Injection Vulnerability ([email protected])