Description
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
Remediation
References
Related Vulnerabilities
MediaWiki Uncontrolled Resource Consumption Vulnerability (CVE-2024-34506)
AngularJS Inefficient Regular Expression Complexity Vulnerability (CVE-2023-26117)
WordPress Plugin Enable Media Replace Arbitrary File Upload (4.0.1)
WordPress Plugin Interactive Geo Maps Cross-Site Scripting (1.5.10)
WordPress Plugin Ocean Extra Multiple Vulnerabilities (2.1.2)