CVE-2002-1799

Name of the Vulnerable Software and Affected Versions phpRank version 1.8

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the email parameter to "add.php" or the banurl parameter.

Recommendations For phpRank version 1.8, consider validating and sanitizing user input for the email parameter in "add.php" and the banurl parameter to prevent XSS attacks. As a temporary workaround, restrict access to "add.php" and limit the use of the banurl parameter until a fix is available.