N/A

Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct.

N/A

N/A

PHP Handicapper多个跨站脚本攻击漏洞

PHP Handicapper是一款运行多种体育信息和投注预测网上业务的系统。 PHP Handicapper中的跨站脚本攻击(XSS)漏洞可让远程攻击者通过msg.php的smg参数注入任意Web脚本或HTML。注意：某些消息来源确定process_signup.phpfy登录参数中有第二个矢量，但原始消息来源声称那是由于CRLF注入。

N/A

N/A