PT-2002-2891 · Phpwebsite · Phpwebsite
Publicado
2002-12-31
·
Atualizado
2008-09-05
·
CVE-2002-2178
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
phpWebSite version 0.8.3
Description:
A cross-site scripting (XSS) issue exists, allowing remote attackers to execute arbitrary Javascript scripts. This is achieved via the
sid parameter in the article.php module. An example of exploitation involves using an IMG tag.Recommendations:
For phpWebSite version 0.8.3, consider restricting access to the article.php module until a fix is available, and avoid using the
sid parameter in this module to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Phpwebsite