5 results (0.008 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the pagex parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en request.php en PHP Live! 3.2.2 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámerto pagex. • http://osvdb.org/36814 http://pridels-team.blogspot.com/2007/06/php-live-support-xss-vuln.html http://www.securityfocus.com/bid/24443 https://exchange.xforce.ibmcloud.com/vulnerabilities/34828 •

CVSS: 6.8EPSS: 3%CPEs: 3EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search_string parameter in (a) setup/transcripts.php, the (2) l parameter in (b) index.php, the (3) login field in (c) phplive/index.php, and the (4) deptid and (5) x parameters in (d) phplive/message_box.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en PHP Live! 3.2.2 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro (1) search_string de (a) setup/transcripts.php, el parámetro (2) l de (b) index.php, el campo (3) login en (c) phplive/index.php, y los parámetros (4) deptid y (5) x en (d) phplive/message_box.php. • http://secunia.com/advisories/23488 http://securityreason.com/securityalert/2068 http://www.hackerscenter.com/archive/view.asp?id=26833 http://www.securityfocus.com/archive/1/455269/100/0/threaded http://www.securityfocus.com/bid/21737 •

CVSS: 7.5EPSS: 28%CPEs: 1EXPL: 3

PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the css_path parameter in (1) help.php and (2) setup/header.php. Vulnerabilidad PHP de inclusión remota de archivo en OSI Codes PHP Live! 3.2.1 y anteriores permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro css_path en (1) help.php y (2) setup/header.php. • https://www.exploit-db.com/exploits/2060 http://secunia.com/advisories/21158 http://securityreason.com/securityalert/1297 http://securitytracker.com/id?1016581 http://securitytracker.com/id?1017017 http://www.neosecurityteam.net/index.php?action=advisories&id=25 http://www.osvdb.org/27448 http://www.osvdb.org/27449 http://www.securityfocus.com/archive/1/440955 http://www.securityfocus.com/archive/1/447947/100/200/threaded http://www.securityfocus.com/bid/19116 http://ww •

CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 1

Cross-site scripting (XSS) vulnerability in status_image.php in PHP Live! 3.0 allows remote attackers to inject arbitrary web script or HTML via the base_url parameter. • http://secunia.com/advisories/19340 http://www.securityfocus.com/archive/1/428452/100/0/threaded http://www.securityfocus.com/bid/17184 http://www.vupen.com/english/advisories/2006/1054 https://exchange.xforce.ibmcloud.com/vulnerabilities/25386 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major security problem," allows remote attackers to include arbitrary files and directories via unspecified attack vectors. • http://archives.neohapsis.com/archives/apps/freshmeat/2004-11/0022.html http://secunia.com/advisories/13420 http://securitytracker.com/id?1012467 http://www.osvdb.org/12147 http://www.securityfocus.com/bid/11863 https://exchange.xforce.ibmcloud.com/vulnerabilities/18414 •