Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module.
Software | From | Fixed in |
---|---|---|
phpwebsite / phpwebsite | 0.7.3 | 0.7.3.x |
phpwebsite / phpwebsite | 0.8.2 | 0.8.2.x |
phpwebsite / phpwebsite | 0.8.3 | 0.8.3.x |
phpwebsite / phpwebsite | 0.9.3 | 0.9.3.x |
phpwebsite / phpwebsite | 0.9.3.4 | 0.9.3.4.x |