XAMPP - 'Phonebook.php' Multiple Remote HTML Injection Vulnerabilities

EDB-ID:

25391




Platform:

Multiple

Date:

2005-04-12


source: https://www.securityfocus.com/bid/13127/info

XAMPP is prone to multiple remote HTML-injection vulnerabilities because the software fails to properly sanitize user-supplied input before including it in dynamically generated web content.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, which may help the attacker steal cookie-based authentication credentials and launch other attacks. 

http://www.example.com/xampp/phonebook.php?lastname=Cru3l.b0y&firstname=&phone=