CVE-2007-4589 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and unspecified vectors to (13) cron.php and (14) prefs.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Interworx	Web Control Panel

Configuration 1 [-]

cpe:2.3:a:interworx:web_control_panel:3.0.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://interworx.com/forums/showthread.php?t=2501
http://osvdb.org/36767
http://osvdb.org/36768
http://osvdb.org/36769
http://osvdb.org/36770
http://osvdb.org/36771
http://osvdb.org/36772
http://osvdb.org/36773
http://osvdb.org/36774
http://osvdb.org/36775
http://osvdb.org/36776
http://osvdb.org/36777
http://osvdb.org/36778
http://osvdb.org/36779
http://osvdb.org/36780
http://secunia.com/advisories/26586
http://securityreason.com/securityalert/3070
http://www.hackerscenter.com/archive/view.asp?id=27884
http://www.securityfocus.com/archive/1/477848/100/0/threaded
http://www.securityfocus.com/bid/25451
https://exchange.xforce.ibmcloud.com/vulnerabilities/36297
https://exchange.xforce.ibmcloud.com/vulnerabilities/36300

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-29T01:00:00

Updated: 2024-08-07T15:01:09.731Z

Reserved: 2007-08-28T00:00:00

Link: CVE-2007-4589

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-08-29T01:17:00.000

Modified: 2018-10-15T21:36:37.013

Link: CVE-2007-4589

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-26T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and unspecified vectors to (13) cron.php and (14) prefs.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "36778", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36778"}, {"name": "25451", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25451"}, {"name": "3070", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3070"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://interworx.com/forums/showthread.php?t=2501"}, {"name": "36772", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36772"}, {"name": "36775", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36775"}, {"name": "36771", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36771"}, {"name": "36776", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36776"}, {"name": "36773", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36773"}, {"name": "36780", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36780"}, {"name": "36779", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36779"}, {"name": "36768", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36768"}, {"name": "36774", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36774"}, {"tags": ["x_refsource_MISC"], "url": "http://www.hackerscenter.com/archive/view.asp?id=27884"}, {"name": "26586", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26586"}, {"name": "20070826 InterWorx-CP Multiple HTML Injections Vulnerabilitie", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/477848/100/0/threaded"}, {"name": "36777", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36777"}, {"name": "36769", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36769"}, {"name": "36767", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36767"}, {"name": "interworx-siteworx-multiple-file-include(36300)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36300"}, {"name": "interworxcp-index-xss(36297)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36297"}, {"name": "36770", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36770"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4589", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and unspecified vectors to (13) cron.php and (14) prefs.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "36778", "refsource": "OSVDB", "url": "http://osvdb.org/36778"}, {"name": "25451", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25451"}, {"name": "3070", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3070"}, {"name": "http://interworx.com/forums/showthread.php?t=2501", "refsource": "CONFIRM", "url": "http://interworx.com/forums/showthread.php?t=2501"}, {"name": "36772", "refsource": "OSVDB", "url": "http://osvdb.org/36772"}, {"name": "36775", "refsource": "OSVDB", "url": "http://osvdb.org/36775"}, {"name": "36771", "refsource": "OSVDB", "url": "http://osvdb.org/36771"}, {"name": "36776", "refsource": "OSVDB", "url": "http://osvdb.org/36776"}, {"name": "36773", "refsource": "OSVDB", "url": "http://osvdb.org/36773"}, {"name": "36780", "refsource": "OSVDB", "url": "http://osvdb.org/36780"}, {"name": "36779", "refsource": "OSVDB", "url": "http://osvdb.org/36779"}, {"name": "36768", "refsource": "OSVDB", "url": "http://osvdb.org/36768"}, {"name": "36774", "refsource": "OSVDB", "url": "http://osvdb.org/36774"}, {"name": "http://www.hackerscenter.com/archive/view.asp?id=27884", "refsource": "MISC", "url": "http://www.hackerscenter.com/archive/view.asp?id=27884"}, {"name": "26586", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26586"}, {"name": "20070826 InterWorx-CP Multiple HTML Injections Vulnerabilitie", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/477848/100/0/threaded"}, {"name": "36777", "refsource": "OSVDB", "url": "http://osvdb.org/36777"}, {"name": "36769", "refsource": "OSVDB", "url": "http://osvdb.org/36769"}, {"name": "36767", "refsource": "OSVDB", "url": "http://osvdb.org/36767"}, {"name": "interworx-siteworx-multiple-file-include(36300)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36300"}, {"name": "interworxcp-index-xss(36297)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36297"}, {"name": "36770", "refsource": "OSVDB", "url": "http://osvdb.org/36770"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:01:09.731Z"}, "title": "CVE Program Container", "references": [{"name": "36778", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36778"}, {"name": "25451", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25451"}, {"name": "3070", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3070"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://interworx.com/forums/showthread.php?t=2501"}, {"name": "36772", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36772"}, {"name": "36775", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36775"}, {"name": "36771", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36771"}, {"name": "36776", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36776"}, {"name": "36773", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36773"}, {"name": "36780", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36780"}, {"name": "36779", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36779"}, {"name": "36768", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36768"}, {"name": "36774", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36774"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.hackerscenter.com/archive/view.asp?id=27884"}, {"name": "26586", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26586"}, {"name": "20070826 InterWorx-CP Multiple HTML Injections Vulnerabilitie", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/477848/100/0/threaded"}, {"name": "36777", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36777"}, {"name": "36769", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36769"}, {"name": "36767", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36767"}, {"name": "interworx-siteworx-multiple-file-include(36300)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36300"}, {"name": "interworxcp-index-xss(36297)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36297"}, {"name": "36770", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36770"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4589", "datePublished": "2007-08-29T01:00:00", "dateReserved": "2007-08-28T00:00:00", "dateUpdated": "2024-08-07T15:01:09.731Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:interworx:web_control_panel:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6FE9086-796A-422B-8DFB-C1875FD2CC10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and unspecified vectors to (13) cron.php and (14) prefs.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 2.0.3 (1) permite a atacantes remotos eweb a trav\u00e9s del par\u00e1metro PATH_INFO de index.php; y permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro PATH_INFO de (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, y (12) httpd.php; y vectores no especificados de (13) cron.php y (14) prefs.php."}], "id": "CVE-2007-4589", "lastModified": "2018-10-15T21:36:37.013", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-08-29T01:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://interworx.com/forums/showthread.php?t=2501"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36767"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36768"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36769"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36770"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36771"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36772"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36773"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36774"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36775"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36776"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36777"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36778"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36779"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36780"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26586"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3070"}, {"source": "cve@mitre.org", "url": "http://www.hackerscenter.com/archive/view.asp?id=27884"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/477848/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25451"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36297"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36300"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}