[This was originally published on OSVDB, now gone. VulnDB IDs 24310, 24311, 24312]
From: security curmudgeon
To: aphpkb-devel[at]lists.sourceforge.net
Date: Mon, 27 Mar 2006 12:32:18 -0500 (EST)
Subject: Andy’s PHP Knowledgebase (aphpkb) security vulnerability
Hi Andy,
While playing around with your knowledgebase program, I noticed that a few places didn’t sanitize user input, allowing for cross-site scripting (XSS) attacks. The following pages and variables are affected:
index.php            keyword_list
submit_article.php   title, article, author, keywords
submit_question.php  Question, Name, Email
This was tested on version 0.57.
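
The report names the affected parameters but not a fix. The PHP below is an added example, not aphpkb's code and not part of the original email, showing output encoding for those fields. The helper name `h()`, the sample request and the HTML layout are assumptions, since the page does not show how aphpkb renders these values.

```php
<?php
// Added example, not aphpkb source. The field names come from the report;
// the markup they are rendered into is assumed for illustration.

// Encode a value for HTML element content or a quoted attribute value.
function h(?string $value): string
{
    // ENT_QUOTES encodes both " and '. ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample request standing in for $_GET / $_POST.
$request = [
    'keyword_list' => '"><script>alert(1)</script>',
    'title'        => 'Resetting a password',
    'author'       => '<b>Jane</b>',
    'Email'        => 'jane@example.org',
];

// Email is validated as well as encoded: reject bad input rather than repair it.
$email = filter_var($request['Email'] ?? '', FILTER_VALIDATE_EMAIL);
if ($email === false) {
    $email = '';
}

// Search box echoing keyword_list back: attribute context, value always quoted.
echo '<input type="text" name="keyword_list" value="'
    . h($request['keyword_list'] ?? '') . '">' . "\n";

// Article heading and byline: element content.
echo '<h2>' . h($request['title'] ?? '') . '</h2>' . "\n";
echo '<p>By ' . h($request['author'] ?? '')
    . ' &lt;' . h($email) . '&gt;</p>' . "\n";
```

Encoding happens at the point of output, so the stored article text stays unchanged and the same value can be encoded differently for other contexts such as URLs or JavaScript, which `htmlspecialchars()` does not cover.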