PHPMyVisites Multiple Input Validation Vulnerabilities

phpMyVisites is prone to multiple input-validation vulnerabilities, including an HTTP-response-splitting issue, a cross-site scripting issue, and a local file-include issue, because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to:

- Influence or misrepresent how web content is served, cached, or interpreted
- Execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site
- Execute local script code in the context of the application.

This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to 2.2 Stable are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus