Lucene search

MitreCVE-2007-3060

HistoryJun 06, 2007 - 1:30 a.m.

CVE-2007-3060

2007-06-0601:30:00

mitre

web.nvd.nist.gov

cve

2007

3060

xss

vulnerabilities

php live

remote attackers

web script

html

parameters

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.032

Percentile

91.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to © admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769.

Affected configurations

Nvd

Node

osi_codes_inc.phpliveMatch3.2.2

VendorProductVersionCPE
osi_codes_inc.phplive3.2.2cpe:2.3:a:osi_codes_inc.:phplive:3.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
osi_codes_inc.	phplive	3.2.2	cpe:2.3:a:osi_codes_inc.:phplive:3.2.2:::::::*

References

marc.info/?l=full-disclosure&m=118072121020357&w=2

osvdb.org/36986

osvdb.org/36987

osvdb.org/36988

osvdb.org/36989

osvdb.org/36990

osvdb.org/38379

osvdb.org/38380

osvdb.org/38381

osvdb.org/38382

osvdb.org/38383

secunia.com/advisories/25441

www.securityfocus.com/archive/1/470275

www.securityfocus.com/archive/1/470508/100/0/threaded

www.securityfocus.com/bid/24276

www.vupen.com/english/advisories/2007/2082

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.032

Percentile

91.4%

JSON

Related for CVE-2007-3060