Vulnerabilities > CVE-2007-3060 - Scripts Multiple Cross-Site Scripting vulnerability in OSI Codes Inc. PHPlive 3.2.2

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
osi-codes-inc
exploit available
NVD
Published: 2007-06-06
Updated: 2018-10-16

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769.

Vulnerable Configurations

Part Description Count
Application
Osi_Codes_Inc.
1

Exploit-Db

  • descriptionPHPLive! 3.2.2 super/info.php BASE_URL Variable Parameter XSS. CVE-2007-3060 . Webapps exploit for php platform
    idEDB-ID:30136
    last seen2016-02-03
    modified2007-06-01
    published2007-06-01
    reporterReZEN
    sourcehttps://www.exploit-db.com/download/30136/
    titlePHPLive! 3.2.2 super/info.php BASE_URL Variable Parameter XSS
  • descriptionPHPLive! 3.2.2 help.php Multiple Parameter XSS. CVE-2007-3060. Webapps exploit for php platform
    idEDB-ID:30134
    last seen2016-02-03
    modified2007-06-01
    published2007-06-01
    reporterReZEN
    sourcehttps://www.exploit-db.com/download/30134/
    titlePHPLive! 3.2.2 help.php Multiple Parameter XSS
  • descriptionPHPLive! 3.2.2 chat.php sid Parameter XSS. CVE-2007-3060 . Webapps exploit for php platform
    idEDB-ID:30133
    last seen2016-02-03
    modified2007-06-01
    published2007-06-01
    reporterReZEN
    sourcehttps://www.exploit-db.com/download/30133/
    titlePHPLive! 3.2.2 chat.php sid Parameter XSS
  • descriptionPHPLive! 3.2.2 setup/footer.php Multiple Parameter XSS. CVE-2007-3060. Webapps exploit for php platform
    idEDB-ID:30137
    last seen2016-02-03
    modified2007-06-01
    published2007-06-01
    reporterReZEN
    sourcehttps://www.exploit-db.com/download/30137/
    titlePHPLive! 3.2.2 setup/footer.php Multiple Parameter XSS
  • descriptionPHPLive! 3.2.2 admin/header.php admin[name] Parameter XSS. CVE-2007-3060. Webapps exploit for php platform
    idEDB-ID:30135
    last seen2016-02-03
    modified2007-06-01
    published2007-06-01
    reporterReZEN
    sourcehttps://www.exploit-db.com/download/30135/
    titlePHPLive! 3.2.2 - admin/header.php adminname Parameter XSS

References