CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-3001

Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.022

EPSS Ranking 83.9%

CVSS Severity

CVSS v2 Score 4.3

References

http://osvdb.org/38877
http://osvdb.org/38878
http://osvdb.org/38879
http://securityreason.com/securityalert/2768
http://www.securityfocus.com/archive/1/470111/100/0/threaded
http://www.securityfocus.com/bid/24253
https://exchange.xforce.ibmcloud.com/vulnerabilities/34643
http://osvdb.org/38877
http://osvdb.org/38878
http://osvdb.org/38879
http://securityreason.com/securityalert/2768
http://www.securityfocus.com/archive/1/470111/100/0/threaded
http://www.securityfocus.com/bid/24253
https://exchange.xforce.ibmcloud.com/vulnerabilities/34643

Products affected by CVE-2007-3001

Php Jackknife » Php Jackknife » Version: 2.21

cpe:2.3:a:php_jackknife:php_jackknife:2.21

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-3001

Products

Pricing

Contact Us