Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) site_id, (3) nom, (4) email, or (5) commentaire parameters in commentaires.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
annuaire 1two |
||
annuaire 1two 1.0 |