Launchpad CVE tracker

CVE 2007-5051

Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) box_width, (2) PEDIGREE_GENERATIONS, and (3) rootid parameters in ancestry.php, and the (4) newpid parameter in timeline.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Related bugs and status

CVE-2007-5051 (Candidate) is related to these bugs:

Bug #227288: [phpgedview] [CVE-2007-5051] cross site scripting vulnerability due to insufficient input sanitising

		In	Importance	Status
227288	[phpgedview] [CVE-2007-5051] cross site scripting vulnerability due to insufficient input sanitising	phpgedview (Ubuntu)	Undecided	Won't Fix
227288	[phpgedview] [CVE-2007-5051] cross site scripting vulnerability due to insufficient input sanitising	phpgedview (Debian)	Unknown	Fix Released
227288	[phpgedview] [CVE-2007-5051] cross site scripting vulnerability due to insufficient input sanitising	phpgedview (Ubuntu Hardy)	Undecided	Won't Fix
227288	[phpgedview] [CVE-2007-5051] cross site scripting vulnerability due to insufficient input sanitising	phpgedview (Ubuntu Gutsy)	Undecided	Won't Fix
227288	[phpgedview] [CVE-2007-5051] cross site scripting vulnerability due to insufficient input sanitising	phpgedview (Ubuntu Feisty)	Undecided	Won't Fix
227288	[phpgedview] [CVE-2007-5051] cross site scripting vulnerability due to insufficient input sanitising	phpgedview (Ubuntu Intrepid)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

SECUNIA: 26922
BID: 25756
SECUNIA: 29954
DEBIAN: DSA-1559
XF: phpgedview-ancestry-ti...

Launchpad.net

CVE 2007-5051

Related bugs and status

Related bugs

References