2 matches found
CVE-2004-2363
PHPX 3.0–3.2.6 contains a Validate-Before-Canonicalize flaw in functions.inc.php: checkURI can be bypassed with hex-encoded tags, enabling remote XSS via the limit parameter to forums.php and similar vectors. Impact is XSS without bypassing literal character checks. Affected component/function: c...
CVE-2004-2363
Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0 through 3.2.6 allows remote attackers to conduct cross-site scripting XSS attacks via hex-encoded tags, which bypass the check for literal "", "", and "" characters, as demonstrated using the limi...