Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3) action parameter in cp/admin_index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
accomplishtechnology phpmydirectory 1.0.6 |
||
accomplishtechnology phpmydirectory 1.0.7 |
||
accomplishtechnology phpmydirectory 1.0.1 |
||
accomplishtechnology phpmydirectory 1.1.2 |
||
accomplishtechnology phpmydirectory 1.1.5 |
||
accomplishtechnology phpmydirectory 1.2.0 |
||
accomplishtechnology phpmydirectory 1.3.0 |
||
accomplishtechnology phpmydirectory 1.4.0 |
||
accomplishtechnology phpmydirectory 1.3.5 |
||
accomplishtechnology phpmydirectory 10.4.4 |
||
accomplishtechnology phpmydirectory 10.1.3 |
||
accomplishtechnology phpmydirectory 1.0.5 |
||
accomplishtechnology phpmydirectory 1.0 |
||
accomplishtechnology phpmydirectory 1.1.7 |
||
accomplishtechnology phpmydirectory 1.1.4 |
||
accomplishtechnology phpmydirectory 1.3.1 |
||
accomplishtechnology phpmydirectory 1.2.1 |
||
accomplishtechnology phpmydirectory |
||
accomplishtechnology phpmydirectory 1.0.8 |
||
accomplishtechnology phpmydirectory 1.0.9 |
||
accomplishtechnology phpmydirectory 1.0.2 |
||
accomplishtechnology phpmydirectory 1.1.3 |
||
accomplishtechnology phpmydirectory 1.1.0 |
||
accomplishtechnology phpmydirectory 1.1.8 |
||
accomplishtechnology phpmydirectory 1.3.4 |
||
accomplishtechnology phpmydirectory 1.3.2 |
||
accomplishtechnology phpmydirectory 1.0.3 |
||
accomplishtechnology phpmydirectory 1.0.4 |
||
accomplishtechnology phpmydirectory 1.1.1 |
||
accomplishtechnology phpmydirectory 1.1.6 |
||
accomplishtechnology phpmydirectory 1.1.9 |
||
accomplishtechnology phpmydirectory 1.3.3 |
||
accomplishtechnology phpmydirectory 1.4.1 |