Vulnerability Details CVE-2007-1234
Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to calendar_events.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osvdb.org/33158
- http://osvdb.org/33159
- http://osvdb.org/33160
- http://osvdb.org/33161
- http://securityreason.com/securityalert/2373
- http://www.securityfocus.com/archive/1/461305/100/0/threaded
- http://www.securityfocus.com/archive/1/465849/100/200/threaded
- http://osvdb.org/33158
- http://osvdb.org/33159
- http://osvdb.org/33160
- http://osvdb.org/33161
- http://securityreason.com/securityalert/2373
- http://www.securityfocus.com/archive/1/461305/100/0/threaded
- http://www.securityfocus.com/archive/1/465849/100/200/threaded