PHPMyVisites Multiple Input Validation Vulnerabilities
phpMyVisites is prone to multiple input-validation vulnerabilities, including an HTTP-response-splitting issue, a cross-site scripting issue, and a local file-include issue, because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to:
- Influence or misrepresent how web content is served, cached, or interpreted
- Execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site
- Execute local script code in the context of the application.
This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to 2.2 Stable are vulnerable.