Lucene search

[email protected]CVE-2007-3060

HistoryJun 06, 2007 - 1:30 a.m.

CVE-2007-3060

2007-06-0601:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2007

3060

xss

vulnerabilities

php live

remote attackers

web script

html

parameters

nvd

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.019 Low

EPSS

Percentile

88.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to © admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769.

CPENameOperatorVersion
osi_codes_inc.:phpliveosi codes inc. phpliveeq3.2.2

CPE	Name	Operator	Version
osi_codes_inc.:phplive	osi codes inc. phplive	eq	3.2.2

References

marc.info/?l=full-disclosure&m=118072121020357&w=2

osvdb.org/36986

osvdb.org/36987

osvdb.org/36988

osvdb.org/36989

osvdb.org/36990

osvdb.org/38379

osvdb.org/38380

osvdb.org/38381

osvdb.org/38382

osvdb.org/38383

secunia.com/advisories/25441

www.securityfocus.com/archive/1/470275

www.securityfocus.com/archive/1/470508/100/0/threaded

www.securityfocus.com/bid/24276

www.vupen.com/english/advisories/2007/2082

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.019 Low

EPSS

Percentile

88.5%

JSON

Related for CVE-2007-3060

prion1 exploitdb3 cve1