CVE-2007-3067 Information

Description

Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors possibly involving the (1) keyshow (2) sortkey and (3) show parameters to index.php.

Reference

http://osvdb.org/36930 http://secunia.com/advisories/25538 http://sourceforge.net/project/shownotes.php?release_id=512860&group_id=167016 http://www.vupen.com/english/advisories/2007/2045 https://exchange.xforce.ibmcloud.com/vulnerabilities/34700