CVE-2007-3596

2007-07-0618:00:00

mitre

www.cve.org

6.2 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

JSON

inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric characters in the sess_id parameter, which has unknown impact and remote attack vectors, probably cross-site scripting (XSS).

References

osvdb.org/36349

phpvideopro.cvs.sourceforge.net/phpvideopro/phpvideopro/inc/vul_check.inc?r1=1.10&r2=1.11

secunia.com/advisories/25815

sourceforge.net/project/shownotes.php?release_id=518490&group_id=18639

www.qumran.org/homes/izzy/software/pvp-dev/help/?topic=history

www.securityfocus.com/bid/24644

exchange.xforce.ibmcloud.com/vulnerabilities/35120