Description
Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wagner phpstats 0.1 alpha allows remote attackers to inject arbitrary web script or HTML via the baseDir parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Hanno Boeck · textwebappsphp
https://www.exploit-db.com/exploits/31414
References (4)
Core 4
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28291
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41261
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489722/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3765
Scores
EPSS
0.0029
EPSS Percentile
52.3%
Details
CWE
CWE-79
Status
published
Products (1)
phpstats/phpstats
0.1_alpha
Published
Mar 24, 2008
Tracked Since
Feb 18, 2026