CVE-2007-0364


Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email parameters to (l) mailing_list.php; the (31) gateway parameter to (m) upgrade.php; and another unspecified vector.

Published: 2007-01-19 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2007-0364 is rated High Exploit Risk (62.6/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 2.67%). Core evidence: 14 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +1.12% over the last day, indicating growing attacker interest. Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2007-0364

EDB-ID Source Kind Published Link
29479 exploit_db edb 2007-01-16 Exploit-DB ↗
29477 exploit_db edb 2007-01-16 Exploit-DB ↗
29480 exploit_db edb 2007-01-16 Exploit-DB ↗
29478 exploit_db edb 2007-01-16 Exploit-DB ↗
29483 exploit_db edb 2007-01-16 Exploit-DB ↗
29481 exploit_db edb 2007-01-16 Exploit-DB ↗
29484 exploit_db edb 2007-01-16 Exploit-DB ↗
29485 exploit_db edb 2007-01-16 Exploit-DB ↗
29486 exploit_db edb 2007-01-16 Exploit-DB ↗
29487 exploit_db edb 2007-01-16 Exploit-DB ↗
29488 exploit_db edb 2007-01-16 Exploit-DB ↗
29489 exploit_db edb 2007-01-16 Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2007-0364

The daily EPSS score estimates the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 1.54% 2.67% +1.12%
2 2026-06-01 1.78% 1.54% -0.24%
3 2026-02-06 1.78%

Full EPSS history (23 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2007-0364

CVSS metrics for this CVE.

Base score: 4.3
Version: 2.0
Severity: MEDIUM
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6
Impact: 2.9
Score source: [email protected]

Vector breakdown:
Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (Au:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:N): No availability impact.

Weakness enumeration for CVE-2007-0364

Affected software / configurations for CVE-2007-0364

Vendor Product Version Raw CPE
nicecoder indexu <= 5.3 cpe:2.3:a:nicecoder:indexu:*:*:*:*:*:*:*:*
nicecoder indexu 5.0 cpe:2.3:a:nicecoder:indexu:5.0:*:*:*:*:*:*:*
nicecoder indexu 5.0.1 cpe:2.3:a:nicecoder:indexu:5.0.1:*:*:*:*:*:*:*

References for CVE-2007-0364

cvelogic Threat Intelligence