|
Description
|
|
A vulnerability has been reported in PHP Ringtone Website, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to e.g. the "mmchar0_1" and "mmsection0_1" parameters in ringtones.php is not properly sanitised by the "getparam()" JavaScript function before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
|
