CVE

Id
26358  
CVE No.
CVE-2007-3001  
Status
Candidate  
Description
Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239.  
Phase
Assigned (20070604)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
266958 26358 CVE-2007-3001 BUGTRAQ:20070530 PHP JackKnife [multiple vulnerabilities]  View
266959 26358 CVE-2007-3001 URL:http://www.securityfocus.com/archive/1/archive/1/470111/100/0/threaded  View
266960 26358 CVE-2007-3001 BID:24253  View
266961 26358 CVE-2007-3001 URL:http://www.securityfocus.com/bid/24253  View
266962 26358 CVE-2007-3001 OSVDB:38877  View
266963 26358 CVE-2007-3001 URL:http://osvdb.org/38877  View
266964 26358 CVE-2007-3001 OSVDB:38878  View
266965 26358 CVE-2007-3001 URL:http://osvdb.org/38878  View
266966 26358 CVE-2007-3001 OSVDB:38879  View
266967 26358 CVE-2007-3001 URL:http://osvdb.org/38879  View
266968 26358 CVE-2007-3001 SREASON:2768  View
266969 26358 CVE-2007-3001 URL:http://securityreason.com/securityalert/2768  View
266970 26358 CVE-2007-3001 XF:phpjk-indexgdisplayauthenticate-xss(34643)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
55254 JVNDB-2007-003946 myBloggie における SQL インジェクションの脆弱性 myBloggie には、SQL インジェクションの脆弱性が存在します。 CVE-2007-3003 26358 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-003946.html  View