CVE-2013-7277

2014-01-08T15:30:00
ID CVE-2013-7277
Type cve
Reporter cve@mitre.org
Modified 2016-12-31T02:59:00

Description

Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php.