Vulnerability Note VU#664422
PhpWebSite contains multiple cross-site scripting vulnerabilities
PhpWebSite contains multiple cross-site scripting vulnerabilities that may allow an attacker to execute arbitrary code on users' web browser.
PhpWebSite is an open-source web content management system. Certain PhpWebSite modules fail to properly filter URLs for malicious content. This may allow scripting code to be inserted into a URL and then executed within the users' web browser. The following PhpWebSite modules contain this vulnerability:
In addition, error pages generated by PhpWebSite are reported to be vulnerable.
An attacker may be able to execute arbitrary code in a guest or logged-in users' web browser with the privileges of that user.
Apply a Patch
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Appalachian State University||Affected||-||19 Oct 2004|
CVSS Metrics (Learn More)
This vulnerability was publicly reported by GulfTech Security.
This document was written by Jeff Gennari.
- CVE IDs: CAN-2003-0736
- Date Public: 31 Aug 2004
- Date First Published: 19 Oct 2004
- Date Last Updated: 19 Oct 2004
- Severity Metric: 0.60
- Document Revision: 128
If you have feedback, comments, or additional information about this vulnerability, please send us email.