PHPCodeCabinet Multiple Cross-Site Scripting Vulnerabilities
BID:9645
Info
| Bugtraq ID: | 9645 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 11 2004 12:00AM |
| Updated: | Feb 11 2004 12:00AM |
| Credit: | Disclosure of this issue is credited to Yao-Wen (Wayne) Huang. |
| Vulnerable: | phpCodeCabinet phpCodeCabinet 0.4; phpCodeCabinet phpCodeCabinet 0.3; phpCodeCabinet phpCodeCabinet 0.2; phpCodeCabinet phpCodeCabinet 0.1 |
| Not Vulnerable: | phpCodeCabinet phpCodeCabinet 0.5 |
Discussion
It has been reported that a number of phpCodeCabinet scripts are prone to cross-site scripting vulnerabilities. These issues are reportedly due to a failure to sanitize user input, which allows HTML and script code to be supplied that may facilitate cross-site scripting attacks.
This could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user, potentially allowing for theft of cookie-based authentication credentials or other attacks.
Exploit / POC
No exploit is required to leverage this issue.
Solution / Fix
Solution:
The vendor has released an upgrade to deal with this issue.
- phpCodeCabinet phpCodeCabinet 0.1: phpCodeCabinet phpcc-0.5.tar.gz, http://prdownloads.sourceforge.net/phpcodecabinet/phpcc-0.5.tar.gz
- phpCodeCabinet phpCodeCabinet 0.2: phpCodeCabinet phpcc-0.5.tar.gz, http://prdownloads.sourceforge.net/phpcodecabinet/phpcc-0.5.tar.gz
- phpCodeCabinet phpCodeCabinet 0.3: phpCodeCabinet phpcc-0.5.tar.gz, http://prdownloads.sourceforge.net/phpcodecabinet/phpcc-0.5.tar.gz
- phpCodeCabinet phpCodeCabinet 0.4: phpCodeCabinet phpcc-0.5.tar.gz, http://prdownloads.sourceforge.net/phpcodecabinet/phpcc-0.5.tar.gz
References
References:
- Project Home Page (phpCodeCabinet)