PHPMyWind has Reflected Cross-Site Scripting Vulnerability Description
- Author: YUNG-HAO TSENG, Eddie TC CHANG, YU-HSIANG HUANG
- Contact: 0xuhaw@gmail.com; eddietcchang@gmail.com; huang.yuhsiang.phone@gmail.com
Testing Target
- Product:PHPMyWind
- Version:5.5
- Official Website:http://phpmywind.com/
- Affect:All Version <= 5.5
Abstract
An issue was discovered in PHPMyWind 5.5. The method parameter of the connect.php page has a reflected Cross-site Scripting (XSS) vulnerability.




