friendsofphp / OpenJS Foundation / FRIENDSOFPHP:DODB:ADODB-PHP:CVE-2016-4855
History: Aug 28, 2016 - 11:50 p.m.

XSS vulnerability in old test script

2016-08-28 23:50:00
OpenJS Foundation
github.com

CVSS2: 4.3 Medium
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: PARTIAL
  Availability Impact: NONE
  Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 6.1 Medium
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: CHANGED
  Confidentiality Impact: LOW
  Integrity Impact: LOW
  Availability Impact: NONE
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 5.7 Medium (Confidence: High)

EPSS: 0.002 Low (Percentile: 52.5%)

JPCERT Coordination Center (JPCERT/CC) reported the following vulnerability in ADOdb.

As a workaround until a hotfix is released, we recommend all users to remove the whole ./tests directory; it is only used for development purposes and is not necessary for normal ADOdb operations.

Report description

[Reference Number]
JVN#48237713

[Title]
ADOdb vulnerable to cross-site scripting

[Reporter Related Information]
Anonymous (reporter information was not provided)

[Vulnerability Information]
This vulnerability was found by the reporter

Product Name: ADOdb
Version: 5.20.4
Language: PHP
Description: Cross-site scripting

Reproduction Procedure:

Environment used:
OS: Windows 7
Middleware: Most recent version of xampp

Place the most recent version of xampp at c:\xampp
Place ADOdb at C:\xampp\htdocs\AUDIT\adodb5
Using Chrome with the XSS filter turned off, access
http://localhost/AUDIT/adodb5/tests/test.php?testproxy=1&ADODB_vers=V123<script>alert(1)</script>
to reproduce the vulnerability. Here an alert dialog will appear.

[Possible Impacts]
Cookies may be stolen
Pages may be defaced
Other effects of XSS

[Possible Workarounds]
None

[Proof-of-Concept Code]
None

[Other Information]
None

[Report Validation and Comments from IPA]
None

[Comments from JPCERT/CC]
None
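
One way to apply the workaround above across a web root, as an added example that is not part of the original report or the ADOdb project: the script lists every ADOdb copy that still ships tests/test.php and can delete that tests directory. Treating a directory that contains adodb.inc.php as an ADOdb copy is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not ADOdb project code): find ADOdb copies under a web root
# that still ship the development-only tests/ directory, and optionally
# remove it as the advisory's workaround recommends.
# Assumption: a directory is an ADOdb copy if it contains adodb.inc.php.

# list_adodb_tests ROOT -> prints each <adodb-dir>/tests that holds test.php
list_adodb_tests() (
    find "$1" -type f -path '*/tests/test.php' 2>/dev/null |
    while IFS= read -r f; do
        dir=${f%/tests/test.php}
        # Skip unrelated projects that merely have their own tests/test.php
        if [ -f "$dir/adodb.inc.php" ]; then
            printf '%s\n' "$dir/tests"
        fi
    done
)

# remove_adodb_tests ROOT -> deletes every directory list_adodb_tests reports
remove_adodb_tests() (
    list_adodb_tests "$1" |
    while IFS= read -r t; do
        # Guard: only ever delete a path that ends in /tests
        case $t in
            */tests) rm -rf -- "$t" && printf 'removed %s\n' "$t" ;;
        esac
    done
)

# Stand-alone use: script.sh ROOT [--remove]
if [ "$#" -gt 0 ]; then
    if [ "${2:-}" = "--remove" ]; then
        remove_adodb_tests "$1"
    else
        list_adodb_tests "$1"
    fi
fi
```

Run it without --remove first to review the list; copies vendored inside other applications show up the same way as a top-level install.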

Affected configurations

Vulners node: adodb / adodb-php, range < 5.20.6

CPE name         Operator  Version
adodb/adodb-php  lt        5.20.6
