Exploit Crafty Syntax Live Help 2.7.3 - Multiple HTML Injection Vulnerabilities

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
24169
Проверка EDB
  1. Пройдено
Автор
HNK TECHNOLOGY SOLUTIONS
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2004-2355
Дата публикации
2004-06-04
Код:
source: https://www.securityfocus.com/bid/10463/info

CSLH is prone to multiple HTML injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. The problem presents itself in various modules of the application and can allow remote attackers to inject HTML code into the name field and in chat sessions for live help.

Crafy Syntax Live Help 2.7.3 and prior versions are prone to these issues. 

window.location("http://www.cgisecurity.com/articles/xss-faq.shtml");
window.location("http://livehelp.someisp.com/livehelp/operators.php?remove=1")
 
Источник
www.exploit-db.com

Похожие темы