CVE-2013-7289

medium
Published 2014-01-10 · Modified 2026-04-29
CVSS v3
—
CVSS v4 NEW
—
not yet in upstream
VIR risk
4.3

Description

Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) email, or (4) username parameter.

Predictions

Exploit likelihood
20%
Patch ETA
—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.


Application impact

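| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| aphpkb | aphpkb | {"endIncluding":"0.95.7"} | |
| aphpkb | aphpkb | 0.1 | |
| aphpkb | aphpkb | 0.2 | |
| aphpkb | aphpkb | 0.3 | |
| aphpkb | aphpkb | 0.4 | |
| aphpkb | aphpkb | 0.5 | |
| aphpkb | aphpkb | 0.6 | |
| aphpkb | aphpkb | 0.9 | |
| aphpkb | aphpkb | 0.21 | |
| aphpkb | aphpkb | 0.31 | |
| aphpkb | aphpkb | 0.33 | |
| aphpkb | aphpkb | 0.35 | |
| aphpkb | aphpkb | 0.38 | |
| aphpkb | aphpkb | 0.39 | |
| aphpkb | aphpkb | 0.41 | |
| aphpkb | aphpkb | 0.42 | |
| aphpkb | aphpkb | 0.43 | |
| aphpkb | aphpkb | 0.44 | |
| aphpkb | aphpkb | 0.45 | |
| aphpkb | aphpkb | 0.51 | |
| aphpkb | aphpkb | 0.52 | |
| aphpkb | aphpkb | 0.53 | |
| aphpkb | aphpkb | 0.54 | |
| aphpkb | aphpkb | 0.55 | |
| aphpkb | aphpkb | 0.56 | |
| aphpkb | aphpkb | 0.57 | |
| aphpkb | aphpkb | 0.58 | |
| aphpkb | aphpkb | 0.59 | |
| aphpkb | aphpkb | 0.61 | |
| aphpkb | aphpkb | 0.62 | |
| aphpkb | aphpkb | 0.63 | |
| aphpkb | aphpkb | 0.64 | |
| aphpkb | aphpkb | 0.65 | |
| aphpkb | aphpkb | 0.66 | |
| aphpkb | aphpkb | 0.67 | |
| aphpkb | aphpkb | 0.70 | |
| aphpkb | aphpkb | 0.71 | |
| aphpkb | aphpkb | 0.72 | |
| aphpkb | aphpkb | 0.73 | |
| aphpkb | aphpkb | 0.74 | |
| aphpkb | aphpkb | 0.75 | |
| aphpkb | aphpkb | 0.76 | |
| aphpkb | aphpkb | 0.77 | |
| aphpkb | aphpkb | 0.78 | |
| aphpkb | aphpkb | 0.79 | |
| aphpkb | aphpkb | 0.80 | |
| aphpkb | aphpkb | 0.81 | |
| aphpkb | aphpkb | 0.82 | |
| aphpkb | aphpkb | 0.83 | |
| aphpkb | aphpkb | 0.84 | |
| aphpkb | aphpkb | 0.85 | |
| aphpkb | aphpkb | 0.86 | |
| aphpkb | aphpkb | 0.87 | |
| aphpkb | aphpkb | 0.88 | |
| aphpkb | aphpkb | 0.88.5 | |
| aphpkb | aphpkb | 0.88.6 | |
| aphpkb | aphpkb | 0.88.7 | |
| aphpkb | aphpkb | 0.88.8 | |
| aphpkb | aphpkb | 0.89 | |
| aphpkb | aphpkb | 0.91 | |
| aphpkb | aphpkb | 0.92 | |
| aphpkb | aphpkb | 0.92.1 | |
| aphpkb | aphpkb | 0.92.2 | |
| aphpkb | aphpkb | 0.92.3 | |
| aphpkb | aphpkb | 0.92.4 | |
| aphpkb | aphpkb | 0.92.5 | |
| aphpkb | aphpkb | 0.92.6 | |
| aphpkb | aphpkb | 0.92.7 | |
| aphpkb | aphpkb | 0.92.8 | |
| aphpkb | aphpkb | 0.92.9 | |
| aphpkb | aphpkb | 0.93.1 | |
| aphpkb | aphpkb | 0.93.2 | |
| aphpkb | aphpkb | 0.93.3 | |
| aphpkb | aphpkb | 0.93.4 | |
| aphpkb | aphpkb | 0.93.5 | |
| aphpkb | aphpkb | 0.93.6 | |
| aphpkb | aphpkb | 0.93.7 | |
| aphpkb | aphpkb | 0.93.8 | |
| aphpkb | aphpkb | 0.93.9 | |
| aphpkb | aphpkb | 0.94.1 | |
| aphpkb | aphpkb | 0.94.2 | |
| aphpkb | aphpkb | 0.94.3 | |
| aphpkb | aphpkb | 0.94.4 | |
| aphpkb | aphpkb | 0.94.5 | |
| aphpkb | aphpkb | 0.94.6 | |
| aphpkb | aphpkb | 0.94.7 | |
| aphpkb | aphpkb | 0.94.8 | |
| aphpkb | aphpkb | 0.94.9 | |
| aphpkb | aphpkb | 0.95 | |
| aphpkb | aphpkb | 0.95.1 | |
| aphpkb | aphpkb | 0.95.2 | |
| aphpkb | aphpkb | 0.95.3 | |
| aphpkb | aphpkb | 0.95.4 | |
| aphpkb | aphpkb | 0.95.5 | |
| aphpkb | aphpkb | 0.95.6 | |
| aphpkb | aphpkb | 0.361 | |
| aphpkb | aphpkb | 0.371 | |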

References

CWEs

CWE-79
