2014-01-08 15:00:00
mitre
PUBLISHED
Multiple cross-site scripting (XSS) vulnerabilities in Andys PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php.