CVE-2007-5403 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename (2) Surname (3) Telephone and (4) Fax fields to writeenduserenduser.asp; the (5) Filter field to statsrequestypereport.asp; and the (6) sys_request_id parameter to requestattach.asp; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) Asset (8) Location and (9) Problem fields to editrequestenduser.asp; the (10) Asset (11) Asset Location (12) Problem Desc and (13) Solution Desc fields to editrequestuser.asp; and the (14) End User and (15) Description fields to usersearchrequests.asp. NOTE: vectors 5 and 6 do not require authentication to exploit.

Reference

http://secunia.com/advisories/27699 http://secunia.com/secunia_research/2007-94/advisory/ http://www.securityfocus.com/bid/27187 https://exchange.xforce.ibmcloud.com/vulnerabilities/39537 https://exchange.xforce.ibmcloud.com/vulnerabilities/39540 https://exchange.xforce.ibmcloud.com/vulnerabilities/39541 https://exchange.xforce.ibmcloud.com/vulnerabilities/39542 https://exchange.xforce.ibmcloud.com/vulnerabilities/39543