CVE-2007-5728
published 2007-10-30

Priority: P4 24 | medium 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 14.64% (96.2th percentile)
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.

Affected

7 ranges
Vendor | Product | Version range | Fixed in
debian | phppgadmin | < phppgadmin 4.1.3-0.1 (forky) | phppgadmin 4.1.3-0.1 (forky)
phppgadmin | phppgadmin | |
phppgadmin | phppgadmin | |
phppgadmin | phppgadmin | |
phppgadmin | phppgadmin | |
phppgadmin_project | phppgadmin | >= 0 < 4.1.3-0.1 | 4.1.3-0.1
phppgadmin_project | phppgadmin | >= 0 < 4.1.3-0.1 | 4.1.3-0.1

CVSS provenance

nvd: v2.0, 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
osv: 9.3 CRITICAL
vendor_debian: 9.3 LOW