Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the gamename parameter in tellafriend.php, (2) the login_status parameter in loginbox.php, (3) the submissionstatus parameter in index.php, the (4) cell_title_background_color and (5) browse_cat_name parameters in browse.php, the (6) gamefile parameter in displaygame.php, and (7) possibly other parameters in unspecified PHP scripts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phparcadescript phparcadescript 2.0 |