CVE-2007-4589 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and via unspecified vectors to (13) cron.php and (14) prefs.php.

Reference

http://interworx.com/forums/showthread.php?t=2501
http://osvdb.org/36767
http://osvdb.org/36768
http://osvdb.org/36769
http://osvdb.org/36770
http://osvdb.org/36771
http://osvdb.org/36772
http://osvdb.org/36773
http://osvdb.org/36774
http://osvdb.org/36775
http://osvdb.org/36776
http://osvdb.org/36777
http://osvdb.org/36778
http://osvdb.org/36779
http://osvdb.org/36780
http://secunia.com/advisories/26586
http://securityreason.com/securityalert/3070
http://www.hackerscenter.com/archive/view.asp?id=27884
http://www.securityfocus.com/archive/1/477848/100/0/threaded
http://www.securityfocus.com/bid/25451
https://exchange.xforce.ibmcloud.com/vulnerabilities/36297
https://exchange.xforce.ibmcloud.com/vulnerabilities/36300
