[Original text] Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter.
phpWebThings contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'forum' parameter when it is submitted to the 'forum.php' script. This may allow an attacker to create a specially crafted URL that executes arbitrary script code in a user's browser, within the trust relationship between that browser and the server.
-
Timeline
2005-11-04
Unknown
2005-11-04
2005-11-07
-
Solution
The vendor has discontinued this product, so there is no patch or upgrade that mitigates this problem; the vendor-supplied link to the patch also no longer works. It is recommended that an alternate software package be used in its place.