Vulnerabilities > CVE-2007-3579 - Unspecified vulnerability in PHPids
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0
- http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0
- http://osvdb.org/45756
- http://osvdb.org/45756
- http://sla.ckers.org/forum/read.php?2%2C13209%2C13218
- http://sla.ckers.org/forum/read.php?2%2C13209%2C13218
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35520
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35520