Description
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) mday parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected products
- alexandre_dubus / audistat1.3 – 1.3
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/38494