Description
Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.
Exploits (3)
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/456055/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/33390
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/33392
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/7950
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21891
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/33391
Scores
EPSS
0.0194
EPSS Percentile
83.5%
Details
Status
published
Products (1)
edittag/edittag
1.2
Published
Jan 09, 2007
Tracked Since
Feb 18, 2026