2 matches found
CVE-2015-2926
Cross-site scripting XSS vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header to index.php...
CVE-2015-2926
The CVE-2015-2926 entry concerns phpTrafficA up to version 2.3, where the user-supplied HTTP User-Agent string is not sanitized before being echoed in the Latest visitors Details page (Php/stats/statsRecent.inc.php). This causes a reflected XSS vulnerability (HTML/JS injection) when the page outp...