Info

Disclosure

Mar 26, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jan 17, 2008

Description

LinPHA contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the 'viewer.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Available
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 1.3.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

LinPHA

&amp;amp;lt;1.3.3

References

Vendor Specific News/Changelog Entry: http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup
http://linpha.sourceforge.net/wiki/index.php/Release_Notes#Version_1.3.3
Related OSVDB ID: 43735 43737 43738 43739
Secunia Advisory ID: 29525
CVE ID: 2008-1487 (see also: NVD)

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218