PHPRecipeBook Cross-Site Scripting Vulnerability [بایگانی] - انجمن گروه آشیانه

توجه ! این یک نسخه آرشیو شده میباشد و در این حالت شما عکسی را مشاهده نمیکنید برای مشاهده کامل متن و عکسها بر روی لینک مقابل کلیک کنید : PHPRecipeBook Cross-Site Scripting Vulnerability

NI3

11-03-2003, 05:54 PM

hi all
-----------------------
TITLE:
PHPRecipeBook Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA10109

VERIFY ADVISORY:
[Only registered and activated users can see links]

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
PHPRecipeBook 2.x

DESCRIPTION:
A vulnerability has been reported in PHPRecipeBook, which can be
exploited by malicious people to conduct Cross-Site Scripting
attacks.

The vulnerability is reportedly caused due to missing input
validation. This can be exploited by including arbitrary HTML or
script code in a recipe, which will be executed in a user's browser
session when viewed.

SOLUTION:
Update to version 2.18:
[Only registered and activated users can see links]

----------------------------------------------------------------------