[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PHPResidence <= 0.6 XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PHPResidence <= 0.6 XSS
From: zerogue@xxxxxxxxx
Date: 23 May 2006 17:46:26 -0000

PHPResidence <= 0.6 XSS

Discovered by: Nomenumbra
Date: 23/5/2006
impact:moderate (privilege escalation,possible defacement)

PHP Residence software doesn't sanitize any of it's input,
allowing a malicious attacker (providing he/she has an account)
to inject arbitrary HTML or javascript code

Nomenumbra

Prev by Date: Plume CMS Remote File Include
Next by Date: PHP AGTC-Membership system <= v1.1a XSS
Previous by thread: Plume CMS Remote File Include
Next by thread: PHP AGTC-Membership system <= v1.1a XSS
Index(es):
- Date
- Thread