phpMyNewsletter version 0.8 suffers from multiple cross site scripting vulnerabilities.
a094d34930a5afe71b566dbe4887954119eaed6d4301cd488869d820a52712e7HTTPCS Advisory : HTTPCS116
Product : phpMyNewsletter
Version : v0.8
Page : /admin/?page=subscribers
Variables : page=[VulnHTTPCS]
Type : XSS
Method : POST
Description : A vulnerability has been discovered in phpMyNewsletter, which can
be exploited by malicious people to conduct cross-site scripting attacks. Input
passed via the 'page' parameter to '/admin/?page=subscribers' is not properly
sanitised before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context of an
affected site.
References : https://www.httpcs.com/advisory/httpcs116
Credit : HTTPCS [Web Vulnerability Scanner]
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed