PT-2005-4370 · Phpwebthings · Phpwebthings
Linux_Drox
·
Publicado
2005-11-16
·
Atualizado
2016-10-18
·
CVE-2005-3584
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
PhpWebThings version 1.4.4
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the
forum parameter in the "forum.php" file.Recommendations
For PhpWebThings version 1.4.4, consider validating and sanitizing user input for the
forum parameter to prevent XSS attacks. As a temporary workaround, restrict access to the "forum.php" file until a patch is available.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Phpwebthings