CVE-2004-2363
Published: Aug 16, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0 through 3.2.6 allows remote attackers to conduct cross-site scripting (XSS) attacks via hex-encoded tags, which bypass the check for literal "<", ">", "(", and ")" characters, as demonstrated using the limit parameter to forums.php and a variety of other vectors.
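The ordering flaw described above, shown beside a corrected order. This is an added illustration, not PHPX source code: the function names, the use of `rawurldecode()` as the decoding step, and the assumption that `limit` is a small decimal number are all hypothetical.

```php
<?php
// Illustrative only: hypothetical functions, not PHPX source code.

// Flawed order: the blacklist inspects the raw value, then the value is decoded.
function check_then_decode(string $raw): ?string
{
    if (strpbrk($raw, '<>()') !== false) {
        return null;                 // literal characters are rejected
    }
    return rawurldecode($raw);       // %3C and %3E turn into < and > after the check
}

// Canonicalize first: decode until the value stops changing.
function canonicalize(string $raw, int $maxRounds = 5): ?string
{
    $value = $raw;
    for ($i = 0; $i < $maxRounds; $i++) {
        $decoded = rawurldecode($value);
        if ($decoded === $value) {
            return $value;           // stable form reached
        }
        $value = $decoded;
    }
    return null;                     // not confirmed stable within $maxRounds: reject
}

// Corrected order: validate the canonical form, with an allow-list instead of
// a blacklist. Assumes limit is a small decimal number.
function parse_limit(string $raw): ?int
{
    $value = canonicalize($raw);
    if ($value === null || preg_match('/\A[0-9]{1,4}\z/', $value) !== 1) {
        return null;
    }
    return (int) $value;
}

// Constructed sample inputs: plain, literal tag, hex-encoded, double-encoded.
foreach (['25', '<b>', '%3Cb%3E', '%253Cb%253E'] as $sample) {
    printf("%-12s flawed=%-10s fixed=%s\n",
        $sample,
        var_export(check_then_decode($sample), true),
        var_export(parse_limit($sample), true));
}
```

Wherever a request value is echoed into HTML, encoding it on output with `htmlspecialchars()` is still needed in addition to input validation.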
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| http://www.phpx.org/project.php?action=view&project_id=1 | x_refsource_MISC |
| 10283 | vdb-entry, x_refsource_BID |
| phpx-xss(16065) | vdb-entry, x_refsource_XF |
| 20040504 Vulnerabilities In PHPX 3.26 And Earlier | mailing-list, x_refsource_BUGTRAQ |