Description
Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Gjoko Krstic · textwebappsphp
https://www.exploit-db.com/exploits/34609
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/43020
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8439
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41295
Third Party Advisory x_refsource_misc
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4962.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/67838
Exploit, Third Party Advisory x_refsource_misc
http://www.packetstormsecurity.org/1009-advisories/ZSL-2010-4962.txt
Scores
EPSS
0.0590
EPSS Percentile
90.7%
Details
CWE
CWE-79
Status
published
Products (1)
squiz/mysource_matrix
3.28.3
Published
Oct 08, 2011
Tracked Since
Feb 18, 2026