
Gcontact - Multiple XSS
Multiple XSS Vulnerability in Gcontact

Armorize Technologies Security Advisory

Advisory No: Armorize-ADV-2006-0005



Armorize-ADV-2006-0005 discloses multiple cross-site scripting vulnerabilities in Gcontact, a Web-based address book written in Ajax/PHP that offers multi-user support, multiple contacts (email, phone, ICQ, MSN, ...) and multiple addresses for each person, birthday reminders by email, mailing-list management, Excel export, etc.

Affected Software:
Gcontact 0.6.5

Vulnerability Description:
Cross-Site Scripting

Allows malicious users to access restricted directories and/or view data outside the normal scope, which may lead to information theft and invasion of privacy.


1. Escape every questionable URI and HTML script.
2. Remove prohibited user input.

Credit: Security Team at Armorize Technologies, Inc.


Armorize Technologies is delivering the world's most advanced source code analysis solution for Web application security based on its award-winning and patent-pending verification technologies. Addressing security early in the software development life cycle (SDLC), Armorize CodeSecure™ proactively identifies and traces vulnerabilities in Web application source code, effectively hardening websites against today's ever growing security threats. CodeSecure™'s zero-false-positive accuracy, traceback support and Web 2.0-based interface make it the premium Web application security solution. For more information please visit:
