XAMPP - Phonebook.php Multiple Remote HTML Injection Vulnerabilities

2005-04-12T00:00:00
ID EXPLOITPACK:E4487A4AF2A04CEB463A3B5CB980DA2C
Type exploitpack
Reporter Morning Wood
Modified 2005-04-12T00:00:00

Description

XAMPP - Phonebook.php Multiple Remote HTML Injection Vulnerabilities

                                        
                                            source: https://www.securityfocus.com/bid/13127/info

XAMPP is prone to multiple remote HTML-injection vulnerabilities because the software fails to properly sanitize user-supplied input before including it in dynamically generated web content.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, which may help the attacker steal cookie-based authentication credentials and launch other attacks. 

http://www.example.com/xampp/phonebook.php?lastname=Cru3l.b0y&firstname=&phone=