CVE-2007-1576

Phprojekt - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files.

References (14)

Scores

EPSS 0.0089
EPSS Percentile 75.3%

Classification

CWE
CWE-79
Status draft

Affected Products (1)

phprojekt/phprojekt

Timeline

Published Mar 21, 2007
Tracked Since Feb 18, 2026