Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities

Web Technology Wire

phpvid_1

Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities

Exploit Title: Vastal I-tech phpVID Multiple XSS Security Vulnerabilities

Product: phpVID

Vendor: Vastal I-tech

Vulnerable Versions: 1.2.3 0.9.9

Tested Version: 1.2.3 0.9.9

Advisory Publication: March 10, 2015

Latest Update: March 10, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Advisory Details:

(1) Vendor & Product Description:


Vendor:

Vastal I-tech

Product & Vulnerable Versions:

phpVID

1.2.3

0.9.9

Vendor URL & Download:

phpVID can be bought from here,

http://www.vastal.com/phpvid-the-video-sharing-software.html#.VP7aQ4V5MxA

Product Introduction:

“phpVID is a video sharing software or a video shating script and has all the features that are needed to run a successful video sharing website like youtube.com. The features include the following. phpVID is the best youtube clone available. The latest…

View original post 308 more words

Advertisements
This entry was posted in Articles. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s