Unrated severityNVD Advisory· Published Nov 15, 2007· Updated Jun 16, 2026
CVE-2007-5985
CVE-2007-5985
Description
Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:bti-tracker:bti-tracker:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:bti-tracker:bti-tracker:*:*:*:*:*:*:*:*range: <=1.3.2
- (no CPE)range: <1.4.5
Patches
Vulnerability mechanics
References
15- secunia.com/advisories/27550nvdPatchVendor Advisory
- sourceforge.net/forum/forum.phpnvdPatch
- osvdb.org/38751nvd
- osvdb.org/38752nvd
- osvdb.org/38753nvd
- osvdb.org/38754nvd
- osvdb.org/42219nvd
- osvdb.org/42220nvd
- osvdb.org/42221nvd
- osvdb.org/42222nvd
- sourceforge.net/project/shownotes.phpnvd
- sourceforge.net/tracker/index.phpnvd
- www.securityfocus.com/bid/26551nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/38413nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/38414nvd
News mentions
0No linked articles in our index yet.