CVE-2007-1291
published 2007-03-07CVE-2007-1291: Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML…
PriorityP422medium5.8CVSS 2.0
AVNACMAuNCPIPAN
EXPLOIT
EPSS
1.93%
77.5th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tyger | bug_tracking_system | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Tyger Bug Tracking System 1.1.3 - 'register.php?PATH_INFO' Cross-Site Scripting
exploitdb·2007-02-26
CVE-2007-1291 Tyger Bug Tracking System 1.1.3 - 'register.php?PATH_INFO' Cross-Site Scripting
Tyger Bug Tracking System 1.1.3 - 'register.php?PATH_INFO' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/22799/info
Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, retrieve and overwrite sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
http://www.example.com/Register.php/>">[XSS]
Exploit-DB
Tyger Bug Tracking System 1.1.3 - 'login.php?PATH_INFO' Cross-Site Scripting
exploitdb·2007-02-26
CVE-2007-1291 Tyger Bug Tracking System 1.1.3 - 'login.php?PATH_INFO' Cross-Site Scripting
Tyger Bug Tracking System 1.1.3 - 'login.php?PATH_INFO' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/22799/info
Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, retrieve and overwrite sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
http://www.example.com/Login.php/>">[XSS]
No writeups or analysis indexed.
http://secunia.com/advisories/24385http://securityreason.com/securityalert/2356http://www.securityfocus.com/archive/1/461801/100/0/threadedhttp://www.securityfocus.com/bid/22799http://www.vupen.com/english/advisories/2007/0822https://exchange.xforce.ibmcloud.com/vulnerabilities/32792http://secunia.com/advisories/24385http://securityreason.com/securityalert/2356http://www.securityfocus.com/archive/1/461801/100/0/threadedhttp://www.securityfocus.com/bid/22799http://www.vupen.com/english/advisories/2007/0822https://exchange.xforce.ibmcloud.com/vulnerabilities/32792
2007-03-07
Published