CVE-2013-7277 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Andy’s PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via (1) the HTTP Referer header to saa.php, (2) the username parameter to login.php, or (3) the keyword_list parameter to keysearch.php.

Reference

http://aphpkb.blogspot.dk/2013/12/release-of-aphpkb-0958.html
http://osvdb.org/101467
http://osvdb.org/101491
http://osvdb.org/101492
http://secunia.com/advisories/56228
http://sourceforge.net/p/aphpkb/code/91
http://www.securityfocus.com/bid/64550
https://www.netsparker.com/critical-xss-vulnerabilities-andy-php-knowledgebase
