Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-06-06T01:00:00
Updated: 2018-10-16T14:57:01
Reserved: 2007-06-05T00:00:00
Link: CVE-2007-3060
JSON object: View
NVD Information
Status : Modified
Published: 2007-06-06T01:30:00.000
Modified: 2018-10-16T16:47:10.307
Link: CVE-2007-3060
JSON object: View
Redhat Information
No data.
CWE