Unrated severityNVD Advisory· Published Mar 21, 2007· Updated Apr 23, 2026

CVE-2007-1576

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files.

Affected products

Phprojekt/Phprojekt
cpe:2.3:a:phprojekt:phprojekt:5.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.phprojekt.com/index.phpnvdBroken LinkPatchVendor Advisory
security.gentoo.org/glsa/glsa-200706-07.xmlnvdThird Party Advisory
www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.phpnvdBroken LinkVendor Advisory
www.securityfocus.com/bid/22957nvdVDB Entry
osvdb.org/34064nvd
osvdb.org/34065nvd
osvdb.org/34066nvd
osvdb.org/34067nvd
osvdb.org/34068nvd
osvdb.org/34069nvd
secunia.com/advisories/24509nvd
secunia.com/advisories/25748nvd
securityreason.com/securityalert/2459nvd
www.securityfocus.com/archive/1/462788/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000