FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpSysInfo -- cross site scripting vulnerability

Affected packages
phpSysInfo < 2.5.1


VuXML ID 50457509-d05e-11d9-9aed-000e0c2e438a
Discovery 2005-03-22
Entry 2005-07-09
Modified 2005-12-25

A advisory reports that various cross site scripting vulnerabilities have been found in phpSysInfo. Input is not properly sanitised before it is returned to the user. A malicious person could exploit this to execute arbitrary HTML and script code in a users browser session. Also it is possible to view the full path of certain scripts by accessing them directly.


Bugtraq ID 12887
CVE Name CVE-2005-0869
CVE Name CVE-2005-0870