PHPReactor Global.INC.PHP Cross Site Scripting Vulnerability

php(Reactor) is an integrated system of web applications designed for easy website maintenance. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.

It is reported that php(Reactor) is vulnerable to cross site scripting attacks.

Attackers may exploit this vulnerability by constructing a link to one of these scripts containing malicious HTML code. If the link is sent to a php(Reactor) user and clicked on, the attacker-supplied HTML code will run in the context of the user's php(Reactor) session. The HTML code may obtain cookie values or perform unauthorized actions as the victim user.


 

Privacy Statement
Copyright 2010, SecurityFocus