Armorize Technologies Security Advisory
Armorize-ADV-2006-0005 discloses multiple cross-site scripting vulnerabilities found in Gcontact, a Web-based address book written in Ajax/PHP that offers multi-user support, multiple contacts (email, phone, ICQ, MSN, ...) and multiple addresses for each person, birthday reminders by email, mailing-list management, Excel export, etc.
Allows malicious users to access restricted directories and/or view data outside the normal scope which may lead to information theft and invasion of privacy.
1. Escape every questionable URI and HTML script.
2. Remove prohibited user input.
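The two steps above, sketched in PHP as an added example (not code from the advisory or from Gcontact). The field names name, email and homepage and the helper functions are hypothetical; the input values are constructed.

```php
<?php
declare(strict_types=1);

// Constructed example: field names are hypothetical, not from Gcontact's source.

/** Escape a value for HTML element content or a quoted attribute. */
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the URL only if it is an absolute http(s) URL, otherwise null. */
function safe_url(string $url): ?string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null; // rejects javascript:, data:, relative and malformed values
    }
    return filter_var($url, FILTER_VALIDATE_URL) !== false ? $url : null;
}

/** Render one contact row; every dynamic value is escaped at the point of output. */
function render_contact(array $c): string
{
    $html = '<li>' . esc_html($c['name']) . ' (' . esc_html($c['email']) . ')';
    $link = safe_url($c['homepage']);
    if ($link !== null) {
        $html .= ' <a href="' . esc_html($link) . '">homepage</a>';
    }
    return $html . '</li>';
}

// Constructed hostile input, as it might arrive from a form post.
$contact = [
    'name'     => '"><script>alert(1)</script>',
    'email'    => 'alice@example.com',
    'homepage' => 'javascript:alert(1)',
];

// Input check for step 2: reject a malformed address instead of storing it.
if (filter_var($contact['email'], FILTER_VALIDATE_EMAIL) === false) {
    exit("invalid email\n");
}

echo render_contact($contact), "\n";
```

Escaping is applied where the value is written into the page, so data that was stored before any input check existed is still rendered inert.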
Credit: Security Team at Armorize Technologies, Inc. (firstname.lastname@example.org)
Armorize Technologies is delivering the world's most advanced source code analysis solution for Web application security based on its award-winning and patent-pending verification technologies. Addressing security early in the software development life cycle (SDLC), Armorize CodeSecure™ proactively identifies and traces vulnerabilities in Web application source code, effectively hardening websites against today's ever growing security threats. CodeSecure™'s zero-false-positive accuracy, traceback support and Web 2.0-based interface make it the premium Web application security solution. For more information please visit: http://www.armorize.com.