phpWebSite Unspecified Cross Site Scripting Vulnerability

Bugtraq ID:	51026
Class:	Input Validation Error
CVE:	CVE-2011-4265
Remote:	Yes
Local:	No
Published:	Dec 12 2011 12:00AM
Updated:	Dec 12 2011 12:00AM
Credit:	Daiki Fukumori of Cyber Defense Institute
Vulnerable:	phpWebsite phpWebsite 0.10.2 phpWebsite phpWebsite 0.10.1 + Gentoo Linux phpWebsite phpWebsite 0.10 phpWebsite phpWebsite 0.9.3 -4 phpWebsite phpWebsite 0.9.3 -3 phpWebsite phpWebsite 0.9.3 -2 phpWebsite phpWebsite 0.9.3 -1 phpWebsite phpWebsite 0.9.3 phpWebsite phpWebsite 0.8.3 phpWebsite phpWebsite 0.8.2 phpWebsite phpWebsite 0.7.3
Not Vulnerable:	phpWebsite phpWebsite 1.0.0

phpWebSite Unspecified Cross Site Scripting Vulnerability

phpWebSite is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

phpWebSite versions prior to 1.0.0 are vulnerable.

phpWebSite Unspecified Cross Site Scripting Vulnerability

Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

phpWebSite Unspecified Cross Site Scripting Vulnerability

Solution:
Vendor updates are available. Please see the references for details.

phpWebSite Unspecified Cross Site Scripting Vulnerability

References:

• JVN#70502960 phpWebSite vulnerable to cross-site scripting (JPCERT/CC and IPA)
  
• JVNDB-2011-000103 phpWebSite vulnerable to cross-site scripting (IPA)
  
• phpWebSite Homepage (Appalachian State University)