PT-2002-2529 · Phpwebsite · Phpwebsite
Published
2002-12-31
·
Updated
2008-09-05
·
CVE-2002-1807
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
phpWebSite version 0.8.3
Description
The issue allows remote attackers to inject arbitrary web script or HTML via Javascript in an
IMG tag, which can lead to cross-site scripting (XSS) attacks.Recommendations
For phpWebSite version 0.8.3, consider disabling the ability to inject Javascript in
IMG tags until a patch is available. Restrict access to areas where user-inputted HTML is processed to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Phpwebsite