Vulnerabilities > CVE-2007-3001 - Cross-Site Scripting vulnerability in PHP Jackknife PHP Jackknife 2.21
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description PHP JackKnife 2.21 (PHPJK) UserArea/NewAccounts/index.php sAccountUnq Parameter XSS. CVE-2007-3001. Webapps exploit for php platform id EDB-ID:30115 last seen 2016-02-03 modified 2007-05-31 published 2007-05-31 reporter laurent gaffie source https://www.exploit-db.com/download/30115/ title PHP JackKnife 2.21 PHPJK UserArea/NewAccounts/index.php sAccountUnq Parameter XSS description PHP JackKnife 2.21 (PHPJK) G_Display.php Multiple Parameter XSS. CVE-2007-3001. Webapps exploit for php platform id EDB-ID:30116 last seen 2016-02-03 modified 2007-05-31 published 2007-05-31 reporter laurent gaffie source https://www.exploit-db.com/download/30116/ title PHP JackKnife 2.21 PHPJK G_Display.php Multiple Parameter XSS description PHP JackKnife 2.21 (PHPJK) UserArea/Authenticate.php sUName Parameter XSS. CVE-2007-3001. Webapps exploit for php platform id EDB-ID:30114 last seen 2016-02-03 modified 2007-05-31 published 2007-05-31 reporter laurent gaffie source https://www.exploit-db.com/download/30114/ title PHP JackKnife 2.21 PHPJK UserArea/Authenticate.php sUName Parameter XSS