• info
• discussion
• exploit
• solution
• references

E-Friends CVE-2007-4080 Cross-Site Scripting Vulnerability

E-Friends is prone to a cross-site scripting vulnerability. Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564.