icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

phpMyDirectory < 10.1.6 review.php Multiple Parameter XSS

Medium

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The version of phpMyDirectory installed on the remote host suffers from multiple cross-site scripting vulnerabilities due to its failure to sanitize user-input to its 'review.php' script through various parameters. A remote attacker can exploit these flaws to steal cookie-based authentication credentials and perform other such attacks.

Solution

Upgrade to a version of phpMyDirectory greater than 10.1.6 when it becomes available.