FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpSysInfo -- cross site scripting vulnerability

Affected packages
phpSysInfo < 2.5.1

Details

VuXML ID 50457509-d05e-11d9-9aed-000e0c2e438a
Discovery 2005-03-22
Entry 2005-07-09
Modified 2005-12-25

A Securityreason.com advisory reports that various cross-site scripting vulnerabilities have been found in phpSysInfo. Input is not properly sanitised before it is returned to the user. A malicious person could exploit this to execute arbitrary HTML and script code in a user's browser session. It is also possible to view the full path of certain scripts by accessing them directly.

References

Bugtraq ID 12887
CVE Name CVE-2005-0869
CVE Name CVE-2005-0870
Message 20050323180207.11987.qmail@www.securityfocus.com