Detections
Analytics

CVE-2006-7078

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the register script. NOTE: some details have been obtained from third party sources.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27967

http://www.vupen.com/english/advisories/2006/2981

http://www.securityfocus.com/archive/1/441194/100/0/threaded

http://securityreason.com/securityalert/2329

http://secunia.com/advisories/21206

http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048194.html

Details

Source: Mitre, NVD

Published: 2007-03-02

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00475