Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 up to and including 1.2.1b allows remote malicious users to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
coinsoft technologies phpcoin 1.2.1b |
||
coinsoft technologies phpcoin 1.2 |
||
coinsoft technologies phpcoin 1.2.1 |