Description
Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) class parameter to (a) methodTable.php, (b) code.php, and (c) details.php in browser/; and the (2) location parameter to browser/code.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Exploits (3)
exploitdb
WRITEUP
VERIFIED
by Alberto Cuesta Partida · textwebappsphp
https://www.exploit-db.com/exploits/31651
exploitdb
WRITEUP
VERIFIED
by Alberto Cuesta Partida · textwebappsphp
https://www.exploit-db.com/exploits/31653
exploitdb
WRITEUP
VERIFIED
by Alberto Cuesta Partida · textwebappsphp
https://www.exploit-db.com/exploits/31652
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41835
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28789
Scores
EPSS
0.0044
EPSS Percentile
63.5%
Details
CWE
CWE-79
Status
published
Products (1)
amfphp/amfphp
1.2
Published
Apr 23, 2008
Tracked Since
Feb 18, 2026