Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to inject arbitrary web script or HTML via (1) the val parameter to alphabet.php in an alpha.albums action, or the PATH_INFO to (2) random.php or (3) admin/hidden.php.
References
Configurations
History
No history.
Information
Published : 2007-09-11 18:17
Updated : 2024-02-04 17:13
NVD link : CVE-2007-4811
Mitre link : CVE-2007-4811
CVE.ORG link : CVE-2007-4811
JSON object : View
Products Affected
netjuke
- netjuke
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')