CVE-2017-0378

🗓️ 20 Jul 2017 17:00:00Reported by debianType

cve🔗 web.nvd.nist.gov👁 43 Views🌐 WEB

XSS in login_form function in Phamm before 0.6.7, exploitable via PATH_INF

Reporter	Title	Published	Views	Family All 10
CNVD	Phamm 'login_form' function cross-site scripting vulnerability	21 Jul 201700:00	–	cnvd
Check Point Advisories	Phamm helpers.php Cross-Site Scripting (CVE-2017-0378)	7 Aug 201700:00	–	checkpoint_advisories
Cvelist	CVE-2017-0378	20 Jul 201717:00	–	cvelist
Debian CVE	CVE-2017-0378	20 Jul 201717:00	–	debiancve
EUVD	EUVD-2017-0732	7 Oct 202500:30	–	euvd
NVD	CVE-2017-0378	20 Jul 201717:29	–	nvd
OSV	UBUNTU-CVE-2017-0378	20 Jul 201717:29	–	osv
Prion	Cross site scripting	20 Jul 201717:29	–	prion
UbuntuCve	CVE-2017-0378	20 Jul 201717:29	–	ubuntucve
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2017-0378	10 Sep 202500:00	–	nessus

NVD

Node

phamm phammRange≤0.6.6

[
  {
    "product": "phamm before 0.6.7",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "phamm before 0.6.7"
      }
    ]
  }
]

Source	Link
github	www.github.com/lota/phamm/issues/21
securityfocus	www.securityfocus.com/bid/99927
phamm	www.phamm.org/docs/CHANGELOG
openwall	www.openwall.com/lists/oss-security/2017/07/20/3
bugs	www.bugs.debian.org/868988

Parameter	Position	Path	Description	CWE
PATH_INFO	path	/main.php	XSS via unsanitized PATH_INFO passed to main.php through login_form in Phamm before 0.6.7	CWE-79

13 May 2026 00:24Current

5.9Medium risk

Vulners AI Score5.9

CVSS 24.3

CVSS 36.1

EPSS0.00536

CWE-79