Vuln Signal Radar
public-safe defensive signal
MEDIUM · public-safe

CVE-2007-3060

CVSS: 4.3
Severity: MEDIUM
EPSS: 0.0496 (percentile 91)
KEV: -

Source-published summary

NVD: Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5)...

Possible impact

Source describes XSS risk · remote exposure. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk · remote exposure.

Affected context

vendor/product: osi_codes_inc. / phplive; affected version context: 3.2.2

Remediation / advisory

Remediation reference present; patch status requires confirmation in the linked advisory.

Why it matters

Source describes XSS risk · remote exposure. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk · remote exposure. CVSS 4.3 (MEDIUM); EPSS percentile 91; not listed in KEV; remediation reference present; patch status requires confirmation in the linked advisory; sources: NVD.

What to verify

Confirm affected product/version, vendor advisory, patch or mitigation, and exposure.

Exposure hint

remote exposure

Impact tags

XSS risk · remote exposure relevant

Urgency reasons

EPSS percentile high · affected product present · vendor advisory present · recent update · remediation reference present

Source-derived note

Summary derived from NVD description; unsafe procedural detail is not shown.

Redaction metadata

source summary used: True
fallback summary used: False
unsafe procedural detail present: false
raw source displayed: false
public summary redacted: true

Remediation handoff

Public-safe static handoff for human/Codex remediation planning. Scan, patch, external execution, and auto remediation are disabled.

Safety note

This radar shows source-published defensive context only. Exploit procedures, exploit strings, scanner commands, and auto-remediation are not provided.

Official references