header-logo
Suggest Exploit
vendor:
pL-PHP
by:
Unknown
5.5
CVSS
MEDIUM
Cross-site scripting (XSS)
79
CWE
Product Name: pL-PHP
Affected Version From: 0.9 beta
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Cross-site scripting vulnerability in pL-PHP

The pL-PHP application fails to properly sanitize user-supplied input, allowing an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can lead to the theft of cookie-based authentication credentials and other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to properly sanitize user-supplied input before using it in the application. Input validation and output encoding should be implemented to prevent the execution of arbitrary script code.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/37593/info

pL-PHP is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

pL-PHP 0.9 beta is vulnerable; other versions may also be affected.

http://www.example.com/files/index.php/>"><ScRiPt>alert(213771818860)</ScRiPt>