XAMPP - 'Phonebook.php' Multiple Remote HTML Injection Vulnerabilities

Author: Morning Wood
type: remote
platform: multiple
port: 
date_added: 2005-04-12  
date_updated: 2013-05-13  
verified: 1  
codes: CVE-2005-1077;OSVDB-15634  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 25391.txt  
source: https://www.securityfocus.com/bid/13127/info

XAMPP is prone to multiple remote HTML-injection vulnerabilities because the software fails to properly sanitize user-supplied input before including it in dynamically generated web content.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, which may help the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.example.com/xampp/phonebook.php?lastname=Cru3l.b0y&firstname=&phone=