phpLinks is an open source free PHP script. phpLinks allows you to run a very powerful link
farm or search engine. phpLinks has multilevel site categorization, infinite threaded search
capabilities and more.
Search Script Injection Vulnerability:
phpLinks is prone to HTML injection due to a vulnerability in the search feature.
Search queries are not sufficiently sanitized of HTML and script code. These search
queries may potentially be displayed to other users when the most popular searches
are viewed. If an attacker includes malicious HTML or script code in these queries,
it is possible that the attacker-supplied code may be rendered in the web client software
of other users.
Add Site Script Injection Vulnerability:
phpLinks does not sufficiently sanitized HTML and script code supplied via form fields
before displaying this data to administrative users. This issue exists in the 'add.php'
script, which is used to add sites to the phpLinks system. As a result, an attacker may
cause malicious HTML and script code to be executed in the web client of an administrative
user who reviews attacker-supplied data submitted when a site is added.