CVE-2007-3579

Published: Jul 5, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script.

Affected (1)

Products: Phpids: Phpids

Phpids

1 product

Phpids

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpids Phpids	All versions

References (8)

http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0

Source: cve@mitre.org

http://osvdb.org/45756

Source: cve@mitre.org

http://sla.ckers.org/forum/read.php?2%2C13209%2C13218

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/35520

Source: cve@mitre.org

http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/45756

Source: af854a3a-2127-422b-91ae-364da2661108

http://sla.ckers.org/forum/read.php?2%2C13209%2C13218

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/35520

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.