CVE-2007-2801
Published: Jun 30, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters. NOTE: the vendor disputes the significance of the issue, stating that "eTicket is not designed to work with register_globals On."
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source tag |
|---|---|---|
| 20070627 eTicket version 1.5.5 XSS Attack Vulnerability | mailing-list | x_refsource_BUGTRAQ |
| 20070627 eTicket version 1.5.5 XSS Attack Vulnerability | mailing-list | x_refsource_FULLDISC |
| ADV-2007-2372 | vdb-entry | x_refsource_VUPEN |
| 34786 | vdb-entry | x_refsource_OSVDB |
| eticket-open-xss(35121) | vdb-entry | x_refsource_XF |
| http://www.netvigilance.com/advisory0031 | | x_refsource_MISC |
| 24681 | vdb-entry | x_refsource_BID |
| 25871 | third-party-advisory | x_refsource_SECUNIA |
| 20070629 Re: eTicket version 1.5.5 XSS Attack Vulnerability | mailing-list | x_refsource_BUGTRAQ |
| 20070707 eTicket version 1.5.5 XSS Attack Vulnerability | mailing-list | x_refsource_BUGTRAQ |