CVE-2007-2716

Multiple cross-site scripting XSS vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to 1 listmembers.php and 2 stats.php. NOTE: some of these details are obtained from third party information...

[Full-disclosure] Cross-site Scripting in EQDKP 1.3.2c and prior

In listmembers.php, $show fails to properly sanitize user-supplied input. It's non persistent XSS :-/ Example: $path-to-eqdkp/listmembers.php?show=223E3Cplaintext3E kefka kefka at kevinbeardsucks.com Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.htm...