source: https://www.securityfocus.com/bid/57759/info
ezStats for Battlefield 3 is prone to multiple cross-site scripting vulnerabilities and a local file include vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run arbitrary files in the context of the web server process.
ezStats for Battlefield 3 0.91 is vulnerable; other versions may also be affected.
http://www.example.com/ezStats2/compare.php?common=[XSS]
http://www.example.com/ezStats2/compare.php?rankings=[XSS]
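
For defenders reviewing web server logs, the following added example (not part of the original advisory or of ezStats) flags requests to compare.php whose `common` or `rankings` parameter carries HTML markup characters, including double percent-encoded ones. It assumes combined-format access logs and that legitimate values of these parameters never contain `<`, `>` or `"`; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters named in the advisory as reflected into the page.
WATCHED_PARAMS = {"common", "rankings"}
# Assumption: legitimate values never contain HTML markup characters.
MARKUP = re.compile(r'[<>"]')
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return the watched parameters in this log line that carry markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/compare.php"):
        return []
    hits = []
    # parse_qsl decodes one layer; fully_decode strips any further layers.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in WATCHED_PARAMS and MARKUP.search(fully_decode(value)):
            hits.append(name)
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Feb/2013:10:00:00 +0000] "GET /ezStats2/compare.php?common=12345 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Feb/2013:10:00:05 +0000] "GET /ezStats2/compare.php?common=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Feb/2013:10:00:09 +0000] "GET /ezStats2/compare.php?rankings=%253Cb%253Ex HTTP/1.1" 200 530',
    '203.0.113.7 - - [01/Feb/2013:10:00:12 +0000] "GET /ezStats2/index.php?common=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_params(line), line.split('"')[1])
```

A hit only shows that markup reached the parameter; whether it was reflected unencoded still has to be confirmed against the installed version.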