phpMyDirectory < 10.1.6 review.php Multiple Parameter XSS
Medium Nessus Network Monitor Plugin ID 2774
SynopsisThe remote host is vulnerable to a Cross-Site Scripting (XSS) attack.
DescriptionThe version of phpMyDirectory installed on the remote host suffers from multiple cross-site scripting vulnerabilities due to its failure to sanitize user-input to its 'review.php' script through various parameters. A remote attacker can exploit these flaws to steal cookie-based authentication credentials and perform other such attacks.
SolutionUpgrade to a version of phpMyDirectory greater than 10.1.6 when it becomes available.