FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jpgraph2 -- XSS vulnerability

Affected packages
jpgraph2 < 3.0.7_1


VuXML ID 77b7ffb7-e937-11e5-8bed-5404a68ad561
Discovery 2009-12-22
Entry 2016-03-13

Martin Barbella reports:

JpGraph is an object oriented library for PHP that can be used to create various types of graphs which also contains support for client side image maps. The GetURLArguments function for the JpGraph's Graph class does not properly sanitize the names of get and post variables, leading to a cross site scripting vulnerability.