Unrated severityNVD Advisory· Published Jun 6, 2007· Updated Apr 23, 2026

CVE-2007-3060

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769.

Affected products

Osi Codes Inc./Phplive
cpe:2.3:a:osi_codes_inc.:phplive:3.2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvdExploit
www.securityfocus.com/bid/24276nvdExploit
osvdb.org/36986nvd
osvdb.org/36987nvd
osvdb.org/36988nvd
osvdb.org/36989nvd
osvdb.org/36990nvd
osvdb.org/38379nvd
osvdb.org/38380nvd
osvdb.org/38381nvd
osvdb.org/38382nvd
osvdb.org/38383nvd
secunia.com/advisories/25441nvd
www.securityfocus.com/archive/1/470275nvd
www.securityfocus.com/archive/1/470508/100/0/threadednvd
www.vupen.com/english/advisories/2007/2082nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000