CVE-2007-1576

Published: Mar 21, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files.

Affected (1)

Products: Phprojekt: Phprojekt

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phprojekt Phprojekt	Version 5.2

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (28)

http://osvdb.org/34064

Source: cve@mitre.org

http://osvdb.org/34065

Source: cve@mitre.org

http://osvdb.org/34066

Source: cve@mitre.org

http://osvdb.org/34067

Source: cve@mitre.org

http://osvdb.org/34068

Source: cve@mitre.org

http://osvdb.org/34069

Source: cve@mitre.org

http://secunia.com/advisories/24509

Source: cve@mitre.org

http://secunia.com/advisories/25748

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200706-07.xml

Source: cve@mitre.org

Third Party Advisory

http://securityreason.com/securityalert/2459

Source: cve@mitre.org

http://www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.php

Source: cve@mitre.org

Broken LinkVendor Advisory

http://www.phprojekt.com/index.php?name=News&file=article&sid=276

Source: cve@mitre.org

Broken LinkPatchVendor Advisory

http://www.securityfocus.com/archive/1/462788/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/22957

Source: cve@mitre.org

VDB Entry

http://osvdb.org/34064

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/34065

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/34066

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/34067

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/34068

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/34069

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/24509

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25748

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200706-07.xml

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://securityreason.com/securityalert/2459

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.php

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

http://www.phprojekt.com/index.php?name=News&file=article&sid=276

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkPatchVendor Advisory

http://www.securityfocus.com/archive/1/462788/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/22957

Source: af854a3a-2127-422b-91ae-364da2661108

VDB Entry

Timeline

No history available yet.