Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

phpMyDirectory < 10.1.6 review.php Multiple Parameter XSS

Medium

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The version of phpMyDirectory installed on the remote host suffers from multiple cross-site scripting vulnerabilities due to its failure to sanitize user-input to its 'review.php' script through various parameters. A remote attacker can exploit these flaws to steal cookie-based authentication credentials and perform other such attacks.

Solution

Upgrade to a version of phpMyDirectory greater than 10.1.6 when it becomes available.