SMA-DB "startpage.php" Cross-Site Scripting Vulnerability

Report ID: SA200900650
Source: Secunia
Date of Discovery: 05.02.2009
Criticality: Low
Affects:
SMA-DB 0.x

Compromise From: From remote
Compromise Type: Cross site scripting

Summary

A vulnerability has been discovered in SMA-DB, which can be exploited by malicious people to conduct cross-site scripting attacks.

Detailed Description

Input passed via the URL to startpage.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

The vulnerability is confirmed in version 0.3.12. Other versions may also be affected.

Solution

Edit the source code to ensure that input is properly sanitised.
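
What "properly sanitised" means for a reflected value, as an added example that is not SMA-DB source code: the weak form concatenates URL-derived text into HTML, and the corrected form encodes it at the point of output. The function names, the form markup and the sample request URI are assumptions; the advisory does not say which part of the URL is reflected or where in the page it appears.

```php
<?php
// Added illustration, not taken from SMA-DB. All function names are hypothetical.

// Weak form: URL-derived text is concatenated straight into the response.
function render_form_unsafe(string $requestUri): string
{
    return '<form method="post" action="' . $requestUri . '">'
         . '<p>Current page: ' . $requestUri . '</p></form>';
}

// Encode for the HTML context (element text and quoted attribute values).
function h(string $value): string
{
    // ENT_QUOTES encodes both quote styles, so the value cannot close an attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 rather than returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Corrected form: the same markup, with the value encoded where it is written out.
function render_form_safe(string $requestUri): string
{
    $encoded = h($requestUri);
    return '<form method="post" action="' . $encoded . '">'
         . '<p>Current page: ' . $encoded . '</p></form>';
}

// Constructed sample input: harmless markup characters appended to the URL path.
$sample = '/startpage.php/"><b>test</b>';

// The weak form lets the sample close the attribute and add its own element.
echo render_form_unsafe($sample), PHP_EOL;

// The corrected form emits &quot;, &lt; and &gt;, so the browser shows inert text.
echo render_form_safe($sample), PHP_EOL;
```

Encoding with `htmlspecialchars()` covers HTML text and quoted attribute values only; a value written into a script block, a URL parameter or a style needs the encoder for that context instead.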