2 matches found
CVE-2007-2306
Multiple cross-site scripting XSS vulnerabilities in the Virtual War VWar 1.5.0 R15 and earlier module for PHP-Nuke, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 memberlist parameter to extra/login.php and the 2 title parameter to...
CVE-2007-2306
The CVE-2007-2306 entry describes multiple XSS vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke when register_globals is enabled. The affected components are the extra/login.php (memberlist parameter) and extra/today.php (title parameter). The impact is that rem...