CVE

Id
28408  
CVE No.
CVE-2007-5051  
Status
Candidate  
Description
Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) box_width, (2) PEDIGREE_GENERATIONS, and (3) rootid parameters in ancestry.php, and the (4) newpid parameter in timeline.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.  
Phase
Assigned (20070923)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
295197 28408 CVE-2007-5051 DEBIAN:DSA-1559  View
295198 28408 CVE-2007-5051 URL:http://www.debian.org/security/2008/dsa-1559  View
295199 28408 CVE-2007-5051 BID:25756  View
295200 28408 CVE-2007-5051 URL:http://www.securityfocus.com/bid/25756  View
295201 28408 CVE-2007-5051 SECUNIA:26922  View
295202 28408 CVE-2007-5051 URL:http://secunia.com/advisories/26922  View
295203 28408 CVE-2007-5051 SECUNIA:29954  View
295204 28408 CVE-2007-5051 URL:http://secunia.com/advisories/29954  View
295205 28408 CVE-2007-5051 XF:phpgedview-ancestry-timeline-xss(36720)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
55738 JVNDB-2007-004430 iziContents における任意の PHP コードを実行される脆弱性 iziContents は、不完全なブラックリストにより、および (a) modules/moduleSec.php および (b) include/includeSec.php 内で特定の URL のインクルードチェックに不備があるため、任意の PHP コードを実行される脆弱性が存在します。 CVE-2007-5053 28408 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-004430.html  View