Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpcms | Phpcms | 1.1.9 (including) | 1.1.9 (including) |
Phpcms | Phpcms | 1.2 (including) | 1.2 (including) |
Phpcms | Phpcms | 1.2.1 (including) | 1.2.1 (including) |