PHPDeveloper.org: Secubos.com: Cross-Site Scripting Vulnerability in phpFaber

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

News Archive

PHPMaster.com: Data Structures for PHP Devs: Stacks and Queues

Alessandro Nadalin: Integrating Twig in Your Legacy PHP Code

Fabien Potencier: Packing a Symfony full-stack Framework Application in one File - Bootstrapping

Community News: Packagist Latest Releases for 06.18.2013

Community News: Latest PECL Releases for 06.18.2013

Sameer Borate: Simple user authentication in Laravel 4

php|architect: Re: Branding php[architect]

/Dev/Hell Podcast: Episode 33: Pol Pot-level Sucks

MaltBlue.com: Using ZFTool for Basic Project Management

Fabien Potencier: Packing a Symfony full-stack Framework Application in one File - Introduction

Secubos.com:
Cross-Site Scripting Vulnerability in phpFaber

by Chris Cornutt October 31, 2006 @ 11:17:00

A cross-site scripting bug has been announced on the Secuobs.com website for the phpFaber content management system.

Vigilon has reported a vulnerability in phpFaber CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the URL in cms_images/js/htmlarea/htmlarea.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

For complete information on the issue, check out this report.

0 comments voice your opinion now!
security issue crosssite scripting xss phpfaber security issue crosssite scripting xss phpfaber

blog comments powered by Disqus

Similar Posts

Hardened-PHP Project: Advisory - PHProjekt (Remote) Include Vulnerabilities

PHPBuilder.com: Pro PHP Security / Preventing SQL Injection, Part 3

WebReference.com: Working With Forms

Robert Basic's Blog: A hack for Zend Framework’s translated route segments

PHPMaster.com: PHP Sessions

Community Events

Don't see your event here?
Let us know!

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework