CVE-2007-3060

Published: 06/06/2007 Updated: 16/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 455

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769.

Vulnerable Product	Search on Vulmon	Subscribe to Product
osi codes inc. phplive 3.2.2

source: wwwsecurityfocuscom/bid/24276/info PHP Live! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may allow ...

source: wwwsecurityfocuscom/bid/24276/info PHP Live! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may allow the a ...

source: wwwsecurityfocuscom/bid/24276/info PHP Live! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may allow t ...

source: wwwsecurityfocuscom/bid/24276/info PHP Live! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may allow the ...

source: wwwsecurityfocuscom/bid/24276/info PHP Live! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may allow the att ...

NVD-CWE-Other http://www.securityfocus.com/archive/1/470275 http://marc.info/?l=full-disclosure&m=118072121020357&w=2 http://www.securityfocus.com/bid/24276 http://secunia.com/advisories/25441 http://osvdb.org/36990 http://osvdb.org/38383 http://osvdb.org/38379 http://osvdb.org/36987 http://osvdb.org/38382 http://osvdb.org/36989 http://osvdb.org/38380 http://osvdb.org/36986 http://osvdb.org/36988 http://osvdb.org/38381 http://www.vupen.com/english/advisories/2007/2082 http://www.securityfocus.com/archive/1/470508/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/30137/

CVE-2007-3060

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect