CVE-2002-1950

Name of the Vulnerable Software and Affected Versions phpRank version 1.8

Description The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerability can be exploited through the email parameter of "add.php" or the banurl parameter, which is the banner URL in the main list.

Recommendations For phpRank version 1.8, as a temporary workaround, consider validating and sanitizing user input for the email parameter in "add.php" and the banurl parameter to prevent malicious script injections. Restrict access to "add.php" and limit the ability to set the banner URL to trusted users until a fix is available.