6.5 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.018 Low
EPSS
Percentile
87.9%
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.
CPE | Name | Operator | Version |
---|---|---|---|
phpgedview:phpgedview | phpgedview | le | 2.65 |
marc.info/?l=bugtraq&m=107394912715478&w=2
secunia.com/advisories/26628
securitytracker.com/id?1018613
www.osvdb.org/3473
www.osvdb.org/3474
www.osvdb.org/3475
www.osvdb.org/3476
www.osvdb.org/3477
www.osvdb.org/3478
www.osvdb.org/3479
www.securityfocus.com/archive/1/477881/100/0/threaded
www.securityfocus.com/bid/11868
www.securityfocus.com/bid/11880
www.securityfocus.com/bid/11882
www.securityfocus.com/bid/11888
www.securityfocus.com/bid/11890
www.securityfocus.com/bid/11891
www.securityfocus.com/bid/11894
www.securityfocus.com/bid/11903
www.securityfocus.com/bid/11904
www.securityfocus.com/bid/11905
www.securityfocus.com/bid/11906
www.securityfocus.com/bid/11907
www.vupen.com/english/advisories/2007/2995
exchange.xforce.ibmcloud.com/vulnerabilities/14212
exchange.xforce.ibmcloud.com/vulnerabilities/36285