Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cpaint | Cpaint | 1.3_sp | 1.3_sp |
Cpaint | Cpaint | 2.0.1 | 2.0.1 |
Cpaint | Cpaint | 1.01 | 1.01 |
Cpaint | Cpaint | 1.2 | 1.2 |
Cpaint | Cpaint | 1.0 | 1.0 |
Cpaint | Cpaint | 2.0.2 | 2.0.2 |
Cpaint | Cpaint | 1.3 | 1.3 |
Cpaint | Cpaint | 1.3_sp1 | 1.3_sp1 |
Cpaint | Cpaint | 2.0.0 | 2.0.0 |
Cpaint | Cpaint | pre1.0 | pre1.0 |