PHPSimple Choose v0.3

2006-05-30 / 2006-05-31
Risk: Low
Local: No
Remote: Yes
CWE: CWE-Other


Ogólna skala CVSS: 4.3/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Częściowy
Wpływ na dostępność: Brak

PHPSimple Choose v0.3 Homepage: http://phpsimplechoose.sourceforge.net Description: Do you need to add some fun to your site? Look no further. With PHPSimpleChoose you can let your users input terms and have one randomly choosen. Every bit of text is changeable, and we are working on allowing you to choose how many text boxes there are. We have also intergrated many <span> elements to allow CSS customization. Effected files: Input forms on PHPSimpleChoose The input forms don't sanatize user input before dynamically generating it. This could cause users to insert malicious data. Proof of concept: Try entering [IMG SRC=javascript:alert('XSS')] in the input boxes.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top