QwikSec

Security Database

CVE

CWE

Training

CVE-2005-0670

Published: Mar 7, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

http://forums.phpcoin.com/index.php?showtopic=4118

x_refsource_CONFIRM

http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html

x_refsource_MISC

http://forums.phpcoin.com/index.php?showtopic=4101

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

http://forums.phpcoin.com/index.php?showtopic=4116

x_refsource_CONFIRM

phpcoin-xss(19572)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.