[Original text] Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via (1) the sort parameter in index2.php, (2) the item_id parameter in report.php, (3) the search_term parameter (aka the "search box") in search_reviews.php, (4) the profile field in usercp/profile_edit1.php, and (5) the review field in review_form.php.
Five Star Review Script index2.php sort Parameter XSS
Remote / Network Access
Loss of Integrity
Five Star Review contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the sort variable upon submission to the index2.php script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Upgrade to the latest version (July 2006) or higher, as it has been reported to fix this vulnerability. Note that this flaw was fixed in the July 2006 release without a change in version number. An upgrade is required as there are no known workarounds.
luny is credited with the discovery of these vulnerabilities.
Review-Script.com Five Star Review Script 0
Five Star Review Script is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker can exploit these issues to run arbitrary HTML and script code in the browser of a victim in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.
Attackers can use a browser to exploit these issues.
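For sites that have not yet moved to the July 2006 release, the following Python script reviews web server access logs for requests that place unexpected values in the three URL parameters named above. It is an added example, not part of the original advisory or the vendor's code. It assumes the common/combined access log format, that the parameters arrive in the query string, and the value shapes listed in `EXPECTED`; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script/parameter pairs come from the advisory; the allowed value shapes are
# assumptions about what a legitimate request to each script looks like.
EXPECTED = {
    ("index2.php", "sort"): re.compile(r"[\w.-]*"),                 # plain sort key
    ("report.php", "item_id"): re.compile(r"\d*"),                  # numeric id
    ("search_reviews.php", "search_term"): re.compile(r'[^<>"]*'),  # text, no markup
}
SCRIPTS = {script: param for script, param in EXPECTED}

# Assumption: Apache/nginx common or combined access log format.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*"')

def suspicious_requests(lines):
    """Return (client, script, parameter, decoded value) for each odd value."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        script = url.path.rsplit("/", 1)[-1].lower()
        param = SCRIPTS.get(script)
        if param is None:
            continue
        # parse_qs percent-decodes once, so %3C is compared as "<".
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if not EXPECTED[(script, param)].fullmatch(value):
                hits.append((client, script, param, value))
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jul/2006:10:01:02 +0000] "GET /index2.php?sort=rating HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Jul/2006:10:02:10 +0000] "GET /index2.php?sort=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5188',
    '198.51.100.4 - - [12/Jul/2006:10:03:41 +0000] "GET /report.php?item_id=42 HTTP/1.1" 200 901',
    '198.51.100.4 - - [12/Jul/2006:10:03:55 +0000] "GET /report.php?item_id=7%3Cb%3E HTTP/1.1" 200 917',
    '192.0.2.15 - - [12/Jul/2006:10:05:00 +0000] "GET /reviews/search_reviews.php?search_term=%22%3E%3Cb%3Ex HTTP/1.1" 200 2210',
    '192.0.2.15 - - [12/Jul/2006:10:05:30 +0000] "GET /search_reviews.php?search_term=digital+camera HTTP/1.1" 200 2304',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The profile and review fields are form fields, so values submitted in a request body do not appear in an access log and are not covered by this check.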
The following proof-of-concept URIs are available: