XHProf 'run' Parameter Cross Site Scripting Vulnerability

XHProf is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

Attackers can exploit this issue to steal cookie-based authentication information, execute arbitrary client-side scripts in the context of the browser, and obtain sensitive information. Other attacks are also possible.

XHProf versions 0.9.3 and prior are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus