Description
Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Hanno Boeck · htmlwebappsphp
https://www.exploit-db.com/exploits/30751
References (5)
Core 5
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26407
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/483575/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3363
Various Sources x_refsource_misc
http://www.int21.de/cve/CVE-2007-3694-bm.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38418
Scores
EPSS
0.0160
EPSS Percentile
81.8%
Details
CWE
CWE-79
Status
published
Products (1)
getmiro/broadcast_machine
0.9.9.9
Published
Nov 14, 2007
Tracked Since
Feb 18, 2026