PT-2004-2809 · Azdg · Azdgdatinglite

Janek Vind

Published

2004-12-31

Updated

2017-07-11

CVE-2004-1911

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions AzDGDatingLite version 2.1.1

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the l parameter (also known as the language variable) to "index.php" or the id parameter to "view.php".

Recommendations For AzDGDatingLite version 2.1.1, consider validating and sanitizing user input for the l parameter in "index.php" and the id parameter in "view.php" to prevent arbitrary script injection. As a temporary workaround, restrict access to these parameters until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1911

Affected Products

Azdgdatinglite

PT-2004-2809 · Azdg · Azdgdatinglite

CVE-2004-1911

Related Identifiers

Affected Products

References · 9