VULHUB ™

PHPRecipeBook 2.18 has been released to address an unspecified cross-site scripting vulnerability. This issue is likely due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically generated by the software. An attacker could exploit this issue by enticing a user to follow a malicious link. This could theoretically allow for theft of cookie-based authentication credentials or other attacks. It should also be noted that the vendor has reported that HTML and script code will now be sanitized (as of version 2.18) before being included in recipes as a measure to mitigate against potential HTML injection attacks. This could allow users to inject hostile HTML into a PHPRecipeBook site if successfully exploited.

PHPRecipeBook 2.18 has been released to address an unspecified cross-site scripting vulnerability. This issue is likely due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically generated by the software. An attacker could exploit this issue by enticing a user to follow a malicious link. This could theoretically allow for theft of cookie-based authentication credentials or other attacks. It should also be noted that the vendor has reported that HTML and script code will now be sanitized (as of version 2.18) before being included in recipes as a measure to mitigate against potential HTML injection attacks. This could allow users to inject hostile HTML into a PHPRecipeBook site if successfully exploited.