Menu

#270 CVE-2007-5072: Multiple cross-site scripting (XSS) vulnerabi

closed-fixed
nabber00
Security (24)
4
2011-12-13
2011-12-13
nabber00
No

Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog) before 0.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via certain user_colors array parameters to certain user_style.php files under themes/, as demonstrated by the user_colors[bg_color] parameter.

Discussion

  • nabber00

    nabber00 - 2011-12-13

    This was fixed in 0.5.1.

     

  • nabber00

    nabber00 - 2011-12-13
    • status: open --> closed-fixed
     

Log in to post a comment.