9 lines
No EOL
568 B
Text
Executable file
9 lines
No EOL
568 B
Text
Executable file
source: http://www.securityfocus.com/bid/34500/info
|
|
|
|
LinPHA is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
|
|
|
|
Attackers can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help attackers steal cookie-based authentication credentials and launch other attacks.
|
|
|
|
Versions prior to LinPHA 1.3.4 are vulnerable.
|
|
|
|
http://www.example.com/linpha-1.3.2/login.php?ref='><script>alert(1)</ScRiPt> |