From: security curmudgeon <jericho@attrition.org>
To: aphpkb-devel@lists.sourceforge.net
Date: Mon, 27 Mar 2006 12:32:18 -0500 (EST)
Subject: Andy's PHP Knowledgebase (aphpkb) security vulnerability


Hi Andy,

While playing around with your knowledgebase program, I noticed that a few places didn't sanitize user input, allowing for
cross-site scripting (XSS) attacks. The following pages and variables are affected:

index.php keyword_list
submit_article.php title, article, author, keywords 
submit_question.php Question, Name, Email

This was tested on version 0.57

Brian