Unrated severityNVD Advisory· Published Dec 15, 2007· Updated Apr 23, 2026
CVE-2007-6374
CVE-2007-6374
Description
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- www.hackerscenter.com/archive/view.aspnvdExploit
- osvdb.org/39129nvd
- osvdb.org/39130nvd
- secunia.com/advisories/28024nvd
- securityreason.com/securityalert/3428nvd
- www.securityfocus.com/archive/1/484805/100/0/threadednvd
- www.securityfocus.com/bid/26801nvd
- www.vupen.com/english/advisories/2007/4168nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/38942nvd
News mentions
0No linked articles in our index yet.