PHP Link Directory Link Submission HTML Injection Vulnerability

Bugtraq ID:	22174
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 22 2007 12:00AM
Updated:	Jan 25 2007 04:25PM
Credit:	Jussi Vuokoo and Henri Lindberg are been credited with the discovery of this vulnerability.
Vulnerable:	PHP Link Directory PHP Link Directory 3.0.6
Not Vulnerable:	PHP Link Directory PHP Link Directory 3.0.7

PHP Link Directory Link Submission HTML Injection Vulnerability

PHP Link Directory is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code may run in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

This issue affects PHP Link Directory 3.0.6 and prior versions.

PHP Link Directory Link Submission HTML Injection Vulnerability

An attacker can exploit this issue through a web client.

PHP Link Directory Link Submission HTML Injection Vulnerability

Solution:
The vendor released an update to address this issue. Please contact the vendor for information on how to obtain and apply this update.

PHP Link Directory Link Submission HTML Injection Vulnerability

References:

• PHP Link Directory Homepage (PHP Link Directory )
  
• PHP Link Directory XSS Vulnerability version <= 3.0.6 ([email protected])