{ "schema_version": "1.4.0", "id": "GHSA-7xxc-93r3-wgqh", "modified": "2022-05-01T18:09:53Z", "published": "2022-05-01T18:09:53Z", "aliases": [ "CVE-2007-3060" ], "details": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769.", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3060" }, { "type": "WEB", "url": "http://marc.info/?l=full-disclosure&m=118072121020357&w=2" }, { "type": "WEB", "url": "http://osvdb.org/36986" }, { "type": "WEB", "url": "http://osvdb.org/36987" }, { "type": "WEB", "url": "http://osvdb.org/36988" }, { "type": "WEB", "url": "http://osvdb.org/36989" }, { "type": "WEB", "url": "http://osvdb.org/36990" }, { "type": "WEB", "url": "http://osvdb.org/38379" }, { "type": "WEB", "url": "http://osvdb.org/38380" }, { "type": "WEB", "url": "http://osvdb.org/38381" }, { "type": "WEB", "url": "http://osvdb.org/38382" }, { "type": "WEB", "url": "http://osvdb.org/38383" }, { "type": "WEB", "url": "http://secunia.com/advisories/25441" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/470275" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/470508/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/24276" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2007/2082" } ], "database_specific": { "cwe_ids": [], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2007-06-06T01:30:00Z" } }