Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phpraid | Spiffyjr | 2.9.5 (including) | 2.9.5 (including) |
References
- http://securityreason.com/securityalert/962
- http://www.securityfocus.com/archive/1/434736/100/0/threaded
- http://www.securityfocus.com/bid/18042
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26599
- http://securityreason.com/securityalert/962
- http://www.securityfocus.com/archive/1/434736/100/0/threaded
- http://www.securityfocus.com/bid/18042
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26599