CVE-2007-3137 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl (2) sbr or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected but this is incorrect.

Reference

http://osvdb.org/37144 http://secunia.com/advisories/25583 http://securityreason.com/securityalert/2789 http://www.securityfocus.com/archive/1/470758/100/0/threaded http://www.securityfocus.com/bid/24365 https://exchange.xforce.ibmcloud.com/vulnerabilities/34763