Vulnerability Details CVE-2007-2632
Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[].
Exploit prediction scoring system (EPSS) score
EPSS Score 0.088
EPSS Ranking 92.1%
CVSS Severity
CVSS v2 Score 6.8
References
- http://marc.info/?l=bugtraq&m=117883301207293&w=2
- http://osvdb.org/36212
- http://osvdb.org/36213
- http://www.securityfocus.com/bid/23917
- http://www.vupen.com/english/advisories/2007/1796
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34228
- http://marc.info/?l=bugtraq&m=117883301207293&w=2
- http://osvdb.org/36212
- http://osvdb.org/36213
- http://www.securityfocus.com/bid/23917
- http://www.vupen.com/english/advisories/2007/1796
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34228
Products affected by CVE-2007-2632
-
cpe:2.3:a:php_multi_user_randomizer:php_multi_user_randomizer:2006.09.13