PT-2004-1247 · Php · Phpgedview

Windak

Publicado

2004-01-20

Atualizado

2017-10-10

CVE-2004-0032

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHPGEDVIEW version 2.61

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary HTML and web script. This is achieved via the firstname parameter in the "search.php" file.

Recommendations For PHPGEDVIEW version 2.61, avoid using the firstname parameter in the search.php file until a fix is available. As a temporary workaround, consider validating and sanitizing all user input to prevent malicious code injection.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-0032

Produtos afetados

Phpgedview

PT-2004-1247 · Php · Phpgedview

CVE-2004-0032

Identificadores relacionados

Produtos afetados

Referências · 7