"domain" Cross-Site Scripting Vulnerability
Brought to you by:
reborn
From http://secunia.com/advisories/29093/
"Input passed to the "domain" parameter in mwhois.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site."
Logged In: NO
Perhaps just "strip_tags()" would resolve this?
633a634,637
> // Sanitise Input
> $vars["domain"] = strip_tags($vars["domain"]);
> $vars["fulldomain"] = strip_tags($vars["fulldomain"]);
>
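Review bot: strip_tags() on $vars["domain"] and $vars["fulldomain"] at line 634 removes tags but leaves quote characters in place, so the values are still unsafe if mwhois.php echoes them inside an HTML attribute. It also changes the stored input rather than making the output safe. I would encode at each point where the values are printed, for example htmlspecialchars($vars["domain"], ENT_QUOTES, 'UTF-8'). Since both fields are meant to hold domain names, I would also reject anything that does not match a hostname pattern (letters, digits, hyphens and dots) before the lookup runs. The diff carries no file header, so please state which file and release it applies to; the advisory names mwhois.php.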