|HIO-2009-0417 IPPlan 4.91 Multiple Vulnerabilities|
IPPlan 4.91a contains flaws that allow cross site request forgery and cross site scripting.
1) Input passed to the "grp" parameter in admin/usermanager is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
|< Prev||Next >|