XAMPP - 'Phonebook.php' Multiple Remote HTML Injection Vulnerabilities

Related Vulnerabilities: CVE-2005-1077  
Publish Date: 12 Apr 2005
Author: Morning Wood
                							

                source: http://www.securityfocus.com/bid/13127/info

XAMPP is prone to multiple remote HTML-injection vulnerabilities because the software fails to properly sanitize user-supplied input before including it in dynamically generated web content.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, which may help the attacker steal cookie-based authentication credentials and launch other attacks. 

http://www.example.com/xampp/phonebook.php?lastname=Cru3l.b0y&firstname=&phone=