Andy’s PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities

  • Post author:
  • Reading time:1 mins read

SecPod Research Team member (Sooraj K.S) has found multiple cross-site scripting vulnerabilities in Andy’s PHP Knowledgebase. The vulnerability is caused by improper validation of various parameters in several pages. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks.

More information can be found here.