News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Secunis.com:
Travelsized CMS index.php Cross-Site Scripting Vulnerabilities
November 22, 2006 @ 08:09:00

According to this security release from Secunia, there's a cross-site scripting vulnerability with the Travelsized CMS package (PHP-based) in the main index file.

David Vieira-Kurz has discovered some vulnerabilities in Travelsized CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

The problem comes from the input parameters "page" and "langauge" not being verified and sanitized. Users are encouraged to go in and manually edit the source to correct the problem as there is no patch currently posted as of yet. You can get complete information about this issue from the full Secunia report.

0 comments voice your opinion now!
vulnerability security crosssitescripting xss sanitize input vulnerability security crosssitescripting xss sanitize input


blog comments powered by Disqus

Similar Posts

PHPClasses.org: PHP security exploit with GIF images

FrSIRT Advisory: P-News Arbitrary PHP File Upload and Remote Information Disclosure Vulnerabilities

FrSIRT: Vivvo Article Management CMS SQL Injection and PHP File Inclusion Vulnerabilities

Sanisoft Blog: Inspekt - put a firewall in your PHP applications

Hardened-PHP Project: WordPress Vulnerability Advisories (XSS & Trackbacks)


Community Events

Don't see your event here?
Let us know!


series release laravel5 laravel api conference introduction library middleware framework development voicesoftheelephpant unittest interview podcast extension wordpress community opinion language

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework