Lucene search
Sl4xUzEDB-ID:32230HistoryAug 12, 2008 - 12:00 a.m.
IDevSpot PHPLinkExchange 1.01/1.02 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
2008-08-1200:00:00
sl4xUz
www.exploit-db.com
12
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/30665/info
PhPLinkExchange is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
PhpLinkExchange 1.01 is vulnerable; other versions may also be affected.
http://www.example.com/index.php?catid=[XSS]
http://www.example.com/index.php?page=user_add&catid=[XSS]
http://www.example.com/index.php?page=recip&catid=[XSS]
http://www.example.com/index.php?page=tellafriend&catid=[XSS]
http://www.example.com/index.php?page=contact&catid=[XSS]
http://www.example.com/index.php?page=tellafriend&id=[XSS] Related
prion
prion
Cross site scripting
2008-08-14 19:41:00
cve
cve
CVE-2008-3679
2008-08-14 19:41:00
exploitdb
exploitdb
PhpLinkExchange 1.02 - Cross-Site Scripting / Upload
2009-12-16 00:00:00
cvelist
cvelist
CVE-2008-3679
2008-08-14 19:00:00
nvd
nvd
CVE-2008-3679
2008-08-14 19:41:00