Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpwebsite phpwebsite 0.7.3 |
||
phpwebsite phpwebsite 0.9.3 |
||
phpwebsite phpwebsite 0.9.3.4 |
||
phpwebsite phpwebsite 0.8.2 |
||
phpwebsite phpwebsite 0.8.3 |