Launchpad.net

CVE 2007-5692

Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php; (2) the token parameter in a New Password action, (3) the nid_acl parameter in a Folder Properties action, or (4) the uid parameter in a Modify User action to command.php; or (5) the target parameter to index.php, different vectors than CVE-2006-3320.

Related bugs and status

CVE-2007-5692 (Candidate) is related to these bugs:

Bug #175319: [sitebar] Several remote vulnerabilities

		In	Importance	Status
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu)	Undecided	Fix Released
175319	[sitebar] Several remote vulnerabilities	sitebar (Debian)	Unknown	Fix Released
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu Dapper)	Undecided	Won't Fix
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu Edgy)	Undecided	Won't Fix
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu Gutsy)	Undecided	Won't Fix
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu Hardy)	Undecided	Fix Released
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu Feisty)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://teamforge.net/v...
BID: 26126
GENTOO: GLSA-200711-05
SECUNIA: 27503
SREASON: 3318
DEBIAN: DSA-1423
SECUNIA: 28008
OSVDB: 41355
OSVDB: 41356
OSVDB: 41357
OSVDB: 41358
OSVDB: 41359
VUPEN: ADV-2007-3768
BUGTRAQ: 20071018 Serious holes...