CPAINT 1.3/2.0.2 - 'TYPE.php' Cross-Site Scripting

EDB-ID:

27173




Platform:

PHP

Date:

2006-02-08


source: https://www.securityfocus.com/bid/16559/info

CPAINT is prone to a cross-site scripting vulnerability.

This issue affects the 'type.php' script and may facilitate the theft of cookie-based authentication credentials as well as other attacks.


CPAINT 2.0.2 and prior versions are affected.

http://www.example.com/examples/type/type.php?cpaint_response_type=%3Ciframe%20src=http://www.gulftech.org/%3E