PHPMyVisites Site Variable Cross-Site Scripting Vulnerability
BID:13357
Info
PHPMyVisites Site Variable Cross-Site Scripting Vulnerability
| Bugtraq ID: | 13357 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 25 2005 12:00AM |
| Updated: | Apr 25 2005 12:00AM |
| Credit: | Discovery is credited to benjilenoob. |
| Vulnerable: |
phpMyVisites phpMyVisites 1.3 phpMyVisites phpMyVisites 1.2.2 phpMyVisites phpMyVisites 1.2.1 phpMyVisites phpMyVisites 1.2 phpMyVisites phpMyVisites 1.1 phpMyVisites phpMyVisites 1.0 |
| Not Vulnerable: | |
Discussion
PHPMyVisites Site Variable Cross-Site Scripting Vulnerability
phpMyVisites is prone to a cross-site scripting vulnerability. As a result, attackers may embed hostile HTML and script code in a malicious link to the affected application. If the link is followed, the code may be rendered by the victim's browser in the context of the vulnerable site.
Exploitation could allow theft of cookie-based authentication credentials or other attacks.
phpMyVisites is prone to a cross-site scripting vulnerability. As a result, attackers may embed hostile HTML and script code in a malicious link to the affected application. If the link is followed, the code may be rendered by the victim's browser in the context of the vulnerable site.
Exploitation could allow theft of cookie-based authentication credentials or other attacks.
Exploit / POC
PHPMyVisites Site Variable Cross-Site Scripting Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
PHPMyVisites Site Variable Cross-Site Scripting Vulnerability
Solution:
The vendor has addressed this version in the CVS development version. An official release containing fixes is pending.
phpMyVisites phpMyVisites 1.0
phpMyVisites phpMyVisites 1.1
phpMyVisites phpMyVisites 1.2
phpMyVisites phpMyVisites 1.2.1
phpMyVisites phpMyVisites 1.2.2
phpMyVisites phpMyVisites 1.3
Solution:
The vendor has addressed this version in the CVS development version. An official release containing fixes is pending.
phpMyVisites phpMyVisites 1.0
-
phpMyVisites phpmyvisites-cvsroot.tar.bz2
http://cvs.sourceforge.net/cvstarballs/phpmyvisites-cvsroot.tar.bz2
phpMyVisites phpMyVisites 1.1
-
phpMyVisites phpmyvisites-cvsroot.tar.bz2
http://cvs.sourceforge.net/cvstarballs/phpmyvisites-cvsroot.tar.bz2
phpMyVisites phpMyVisites 1.2
-
phpMyVisites phpmyvisites-cvsroot.tar.bz2
http://cvs.sourceforge.net/cvstarballs/phpmyvisites-cvsroot.tar.bz2
phpMyVisites phpMyVisites 1.2.1
-
phpMyVisites phpmyvisites-cvsroot.tar.bz2
http://cvs.sourceforge.net/cvstarballs/phpmyvisites-cvsroot.tar.bz2
phpMyVisites phpMyVisites 1.2.2
-
phpMyVisites phpmyvisites-cvsroot.tar.bz2
http://cvs.sourceforge.net/cvstarballs/phpmyvisites-cvsroot.tar.bz2
phpMyVisites phpMyVisites 1.3
-
phpMyVisites phpmyvisites-cvsroot.tar.bz2
http://cvs.sourceforge.net/cvstarballs/phpmyvisites-cvsroot.tar.bz2
References
PHPMyVisites Site Variable Cross-Site Scripting Vulnerability
References:
References:
- phpMyVisites Homepage (phpMyVisites)