CVE-2007-0891

phpMyVisites <2.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string.

References (7)

[Third Party Advisory] http://marc.info/?l=full-disclosure&m=117121596803908&w=2

[Broken Link] http://osvdb.org/33176

[Permissions Required] http://secunia.com/advisories/24124

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/22516

[Not Applicable] http://www.vupen.com/english/advisories/2007/0566

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/32430

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/459792/100/0/threaded

Scores

EPSS 0.0060

EPSS Percentile 69.1%

Classification

CWE

CWE-79

Status draft

Affected Products (9)

matthieu_aubry/phpmyvisites < 2.1

matthieu_aubry/phpmyvisites

Timeline

Published Feb 12, 2007

Tracked Since Feb 18, 2026