PT-2005-1916 · Double Choco Latte · Double Choco Latte

Published

2005-03-26

Updated

2017-07-11

CVE-2005-0888

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Double Choco Latte version 0.9.4.3

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the functions.inc.php file. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the class or method name.

Recommendations For Double Choco Latte version 0.9.4.3, consider disabling the vulnerable functions in functions.inc.php until a patch is available. Restrict access to the class and method name parameters to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0888

Affected Products

Double Choco Latte

PT-2005-1916 · Double Choco Latte · Double Choco Latte

CVE-2005-0888

Related Identifiers

Affected Products

References · 5