CVE-2007-4588 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php (3) users.php (4) lang.php (5) themes.php (6) setup.php (7) siteworx.php (8) packages.php (9) backup.php (10) import.php (11) scriptworx.php (12) resellers.php (13) reseller-packages.php (14) http.php (15) mail.php (16) ftp.php (17) mysql.php (18) sshd.php (19) nfs.php (20) cron.php (21) ip.php (22) firewall.php (23) updates.php (24) rrd.php or (25) cluster.php.

Reference

http://interworx.com/forums/showthread.php?t=2501 http://osvdb.org/36739 http://osvdb.org/36740 http://osvdb.org/36742 http://osvdb.org/36743 http://osvdb.org/36744 http://osvdb.org/36745 http://osvdb.org/36746 http://osvdb.org/36747 http://osvdb.org/36748 http://osvdb.org/36749 http://osvdb.org/36750 http://osvdb.org/36751 http://osvdb.org/36752 http://osvdb.org/36753 http://osvdb.org/36755 http://osvdb.org/36756 http://osvdb.org/36757 http://osvdb.org/36758 http://osvdb.org/36759 http://osvdb.org/36761 http://osvdb.org/36762 http://osvdb.org/36763 http://osvdb.org/36764 http://osvdb.org/36765 http://osvdb.org/36766 http://secunia.com/advisories/26586 http://securityreason.com/securityalert/3070 http://www.hackerscenter.com/archive/view.asp?id=27884 http://www.securityfocus.com/archive/1/477848/100/0/threaded http://www.securityfocus.com/bid/25451 https://exchange.xforce.ibmcloud.com/vulnerabilities/36297 https://exchange.xforce.ibmcloud.com/vulnerabilities/36301