PHPSimple Choose v0.3 suffers from XSS and html injection vulnerabilities.
8f831d2b423aa8c7415c601a52d2dcdf2781fdaf82ac8fbeea8be40c95fb6f1cPHPSimple Choose v0.3
Homepage:
http://phpsimplechoose.sourceforge.net
Description:
Do you need to add some fun to your site? Look no further. With PHPSimpleChoose you can let your users input terms and have one randomly choosen. Every bit of text is changeable, and we are working on allowing you to choose how many text boxes there are. We have also intergrated many <span> elements to allow CSS customization.
Effected files:
Input forms on PHPSimpleChoose
The input forms don't sanatize user input before dynamically generating it. This could cause users to insert malicious data.
Proof of concept:
Try entering [IMG SRC=javascript:alert('XSS')] in the input boxes.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed