CVE-2007-1234

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to calendar_events.php.

References

http://www.securityfocus.com/archive/1/465849/100/200/threaded

http://www.securityfocus.com/archive/1/461305/100/0/threaded

http://securityreason.com/securityalert/2373

http://osvdb.org/33161

http://osvdb.org/33160

http://osvdb.org/33159

http://osvdb.org/33158

Details

Source: Mitre, NVD

Published: 2007-03-03

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00475