phpSysInfo -- cross site scripting vulnerability

2005-03-22T00:00:00
ID 50457509-D05E-11D9-9AED-000E0C2E438A
Type freebsd
Reporter FreeBSD
Modified 2005-12-25T00:00:00

Description

A Securityreason.com advisory reports that various cross site scripting vulnerabilities have been found in phpSysInfo. Input is not properly sanitised before it is returned to the user. A malicious person could exploit this to execute arbitrary HTML and script code in a users browser session. Also it is possible to view the full path of certain scripts by accessing them directly.