QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2007-0146

Back to search

CVE-2007-0146

Published: Jan 9, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php.

VendorProductVersions

n/a

n/a

affected
n/a

References

32649
vdb-entry
x_refsource_OSVDB
32647
vdb-entry
x_refsource_OSVDB
32648
vdb-entry
x_refsource_OSVDB
23625
third-party-advisory
x_refsource_SECUNIA
2119
third-party-advisory
x_refsource_SREASON
32646
vdb-entry
x_refsource_OSVDB
ADV-2007-0081
vdb-entry
x_refsource_VUPEN
20070106 Fix & Chips CMS v1.0
mailing-list
x_refsource_BUGTRAQ
32650
vdb-entry
x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now