Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate "WikiPage titles" issue was also fixed.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2007-01-23 00:28
Updated : 2024-02-04 17:13
NVD link : CVE-2007-0407
Mitre link : CVE-2007-0407
CVE.ORG link : CVE-2007-0407
JSON object : View
Products Affected
plain_black
- webgui
CWE