|
Description
|
|
Multiple vulnerabilities have been identified in Scriptsez Ez Poll Hoster, which could be exploited to conduct cross site scripting and request forgery attacks.
The first issue is caused due to input validation errors when processing HTTP requests e.g. passed to "admin.php", which could be exploited by attackers to manipulate certain data (e.g. delete polls or user accounts) by tricking an administrator into visiting a malicious web page.
The second issue is caused by input validation errors in the "index.php" and "profile.php" scripts when processing the "pid" and "uid" parameters, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected site.
|
