PT-2004-1247 · Php · Phpgedview

Windak · Published 2004-01-20 · Updated 2017-10-10 · CVE-2004-0032

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHPGEDVIEW version 2.61

Description

A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary HTML and web script. This is achieved via the firstname parameter in the "search.php" file.

Recommendations

For PHPGEDVIEW version 2.61, avoid using the firstname parameter in the search.php file until a fix is available. As a temporary workaround, consider validating and sanitizing all user input to prevent malicious code injection.


Related Identifiers

CVE-2004-0032

Affected Products

Phpgedview