PT-2008-3823 · Phpvid · Phpvid
R45C4L
·
Published
2008-05-19
·
Updated
2017-09-29
·
CVE-2008-2335
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
phpVID versions 1.1 through 1.2.3
Description:
The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the
query parameter in the "search results.php" file.Recommendations:
For phpVID versions 1.1 through 1.2.3, consider disabling the search functionality in "search results.php" until a patch is available to prevent exploitation of the XSS vulnerability via the
query parameter.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpvid