VULHUB ™

php(Reactor) is prone to cross-site scripting attacks. An attacker may create a malicious link to a php(Reactor) site which contains malicious HTML and script code. If this link is visited by a web user, the attacker-supplied code will execute in their web client, in the security context of the php(Reactor) site. This may allow for theft of cookie-based authentication credentials from legitimate authenticated users. Other attacks are also possible. This issue has been reported in php(Reactor) version 1.2.7pl1. Other versions may also be affected.

php(Reactor) is prone to cross-site scripting attacks. An attacker may create a malicious link to a php(Reactor) site which contains malicious HTML and script code. If this link is visited by a web user, the attacker-supplied code will execute in their web client, in the security context of the php(Reactor) site. This may allow for theft of cookie-based authentication credentials from legitimate authenticated users. Other attacks are also possible. This issue has been reported in php(Reactor) version 1.2.7pl1. Other versions may also be affected.