VYPR
Unrated severityNVD Advisory· Published Jun 6, 2007· Updated Jun 16, 2026

CVE-2007-3060

CVE-2007-3060

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.