CVE-2007-2914

PsychoStats 3.0.6b - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files.

References (9)

[Various Sources] http://redlevel.org/wp-content/uploads/psychostats.txt

[Vendor Advisory] http://secunia.com/advisories/25387

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34439

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/469260/100/0/threaded

[Third Party Advisory, VDB Entry] http://osvdb.org/36639

[Third Party Advisory, VDB Entry] http://osvdb.org/36640

[Third Party Advisory, VDB Entry] http://osvdb.org/36641

[Third Party Advisory, VDB Entry] http://osvdb.org/36642

[Third Party Advisory] http://securityreason.com/securityalert/2750

Scores

EPSS 0.0079

EPSS Percentile 73.7%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

psychostats/psychostats

Timeline

Published May 30, 2007

Tracked Since Feb 18, 2026