PT-2009-1331 · Myphpscripts · Myphpscripts Login Session

Osirys

Publicado

2009-01-06

Atualizado

2017-09-29

CVE-2008-5854

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions myPHPscripts Login Session version 2.0

Description The issue allows remote attackers to inject arbitrary web script or HTML via the ls user and ls email parameters in an ls register action, potentially leading to cross-site scripting (XSS) attacks.

Recommendations For myPHPscripts Login Session version 2.0, consider validating and sanitizing user input for the ls user and ls email parameters to prevent XSS attacks. As a temporary workaround, restrict access to the login.php file until a proper fix is applied.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2008-5854

Produtos afetados

Myphpscripts Login Session

PT-2009-1331 · Myphpscripts · Myphpscripts Login Session

CVE-2008-5854

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6