Cross-Site Scripting Vulnerabilities in PHP Address Book by Open Source Community
CVE-2012-2903

Currently unrated

Key Information:

Vendor

Chatelao

Status
PHP Address Book
Vendor
CVE Published:
21 May 2012

What is CVE-2012-2903?

Multiple cross-site scripting (XSS) vulnerabilities exist in PHP Address Book, specifically in versions 7.0 and earlier. These vulnerabilities enable remote attackers to inject arbitrary web scripts or HTML through specific input fields. One of the affected areas is the PATH_INFO parameter in group.php, as well as the target_language and target_flag parameters in translate.php. Exploitation of these vulnerabilities could lead to unauthorized script execution in the user's browser, potentially compromising sensitive information or allowing further penetration into the affected environments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/53598
vdb-entryx_refsource_BID
http://secunia.com/advisories/49212
third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/75703
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.