header-logo
Suggest Exploit
vendor:
PHP Directory Listing
by:
Not disclosed
7.5
CVSS
HIGH
Cross-Site Scripting (XSS)
79
CWE
Product Name: PHP Directory Listing
Affected Version From: PHP Directory Listing script 3.1
Affected Version To: Potentially affects prior versions
Patch Exists: NO
Related CWE: Not provided
CPE: a:php_directory_listing_project:php_directory_listing:3.1
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

PHP Directory Listing Cross-Site Scripting Vulnerability

The PHP Directory Listing script is prone to a cross-site scripting vulnerability. This vulnerability occurs because the script fails to sufficiently sanitize user-supplied data. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, within the context of the affected site. By doing so, the attacker may be able to steal cookie-based authentication credentials and launch further attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user-supplied input to ensure that it does not contain malicious code or scripts. Additionally, implementing a strict content security policy (CSP) can help prevent XSS attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47727/info

PHP Directory Listing is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

PHP Directory Listing script 3.1 is vulnerable; prior versions may also be affected. 

http://www.example.com/index.php/[xss]

Navigation

Suggest Exploit

Services By CQR