Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4) url parameters. NOTE: the q parameter is already covered by CVE-2009-2302.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
avatic aardvark topsites php 5.2.1 |
||
avatic aardvark topsites php 5.2.0 |