Multiple XSS in Alguest

Summary

Vulnerability: Multiple XSS in Alguest
Discovered: 2010.11.19
Last Update: n/a
ID: EV0151
CVE: CVE-2010-4407
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched. Vendor notified. No reply from developer(s).
Vendor: n/a
Vulnerable Software: Alguest (http://sourceforge.net/projects/alguest/)
Version: 1.1c-patched
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross Site Scripting vulnerabilities were found in the Alguest (http://sourceforge.net/projects/alguest/) script.

Multiple Cross Site Scripting
The user-defined parameters nome, messaggio and link are not sanitized, so arbitrary XSS injection is possible. Vulnerable script: index.php.

PoC/Exploit

XSS injection examples
None of the input data is sanitized.

Nick: <XSS inj>

Message: <XSS inj>

Homepage: javascript:<XSS inj>

Solution

Solution for "Multiple XSS in Alguest" is not available. Check vendor's website for updates.
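
The following PHP is an added example, not Alguest code or a vendor patch; the function names (h, safe_homepage, render_entry) and the sample entry are hypothetical. It HTML-encodes nome and messaggio on output and accepts link only as an absolute http(s) URL, which rejects the javascript: form listed under PoC/Exploit.

```php
<?php
// Added example, not Alguest code. All function names here are hypothetical.

// Encode a value for an HTML element body or a quoted attribute value.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return the URL only if it is an absolute http(s) URL, otherwise null.
function safe_homepage(string $url): ?string
{
    // Strip ASCII control characters and spaces, which browsers drop when
    // parsing a URL, so the scheme check sees what the browser will see.
    $url = preg_replace('/[\x00-\x20\x7f]+/', '', $url) ?? '';
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Render one guestbook entry from the three parameters named in the advisory.
function render_entry(array $in): string
{
    $nome = h($in['nome'] ?? '');
    $msg  = nl2br(h($in['messaggio'] ?? ''));
    $link = safe_homepage($in['link'] ?? '');
    // Without an acceptable homepage, the name is shown as plain text.
    $name = $link === null
        ? $nome
        : '<a href="' . h($link) . '" rel="nofollow noopener">' . $nome . '</a>';
    return "<div class=\"entry\"><b>$name</b><p>$msg</p></div>\n";
}

// Constructed sample input, using the advisory's own placeholders.
$entries = [
    ['nome' => '<XSS inj>', 'messaggio' => '<XSS inj>', 'link' => 'javascript:<XSS inj>'],
    ['nome' => 'Anna', 'messaggio' => "Hello\nworld", 'link' => 'http://example.org/'],
];
foreach ($entries as $entry) {
    echo render_entry($entry);
}
```

The first entry is rendered with its markup encoded as text and no link; the second keeps its http link.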