CVE-2007-5370 – NetWin DNews - 'Dnewsweb.exe' Multiple Cross-Site Scripting Vulnerabilities

https://notcve.org/view.php?id=CVE-2007-5370

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb (DNews News Server) 57e1 allow remote attackers to inject arbitrary web script or HTML via the (1) group or (2) utag parameter. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en cgi-bin/dnewsweb.exe en NetWin DNewsWeb (DNews News Server) 57e1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) group o (2) utag. • https://www.exploit-db.com/exploits/30649 http://osvdb.org/37651 http://secunia.com/advisories/27163 http://securityreason.com/securityalert/3208 http://www.securityfocus.com/archive/1/481865/100/0/threaded http://www.securityfocus.com/bid/25981 http://www.vupen.com/english/advisories/2007/3452 https://exchange.xforce.ibmcloud.com/vulnerabilities/37031 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •