PT-2002-2990 · Unknown · Portailphp
Published
2002-12-31
·
Updated
2017-07-29
·
CVE-2002-2278
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
PortailPHP version 0.99
Description:
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the
App Theme, Rub Search, Rub News, Rub File, Rub Liens, or Rub Faq variables.Recommendations:
For PortailPHP version 0.99, avoid using the variables
App Theme, Rub Search, Rub News, Rub File, Rub Liens, or Rub Faq in the mod search/index.php file until a patch is available. As a temporary workaround, consider validating and sanitizing user input to prevent the injection of malicious scripts.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Portailphp