title,url - Non-persistent XSS in Social Share

Summary

Vulnerability: title,url - Non-persistent XSS in Social Share
Discovered: 2010.12.06
Last Update: n/a n/a
ID: EV0164
CVE: n/a
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched. Vendor notified. No reply from developer(s).
Vendor: n/a
Vulnerable Software: Social Share (http://sourceforge.net/projects/socialshare/)
Version: 2010-06-05
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A cross-site scripting vulnerability was found in the Social Share (http://sourceforge.net/projects/socialshare/) script.

Non-persistent XSS
It is possible to inject XSS code into the title and url parameters of the save.php script.

The title and url parameters are not properly sanitized before being used in HTML code.

PoC/Exploit

Non-persistent XSS Example.

XSS example1: http://website/socialshare/save.php?title=<XSS>

XSS example2: http://website/socialshare/save.php?url="><XSS>

Solution.

Solution for "title,url - Non-persistent XSS in Social Share" is not available. Check vendor's website for updates.
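
The following added example, which is not Social Share code and not part of the original advisory, shows output encoding and URL scheme validation for the title and url parameters in PHP. The function names and the HTML output shape are assumptions, since the advisory does not show the save.php source.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; the real save.php source is not shown in the advisory.

/** Encode a value for an HTML text node or a quoted attribute value. */
function html_escape(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close an attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the URL only if it is an absolute http(s) URL, otherwise null. */
function safe_http_url(string $url): ?string
{
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/** Build the HTML fragment from request parameters (assumed output shape). */
function render_share_link(array $query): string
{
    $title = isset($query['title']) && is_string($query['title']) ? $query['title'] : '';
    $url   = isset($query['url']) && is_string($query['url']) ? safe_http_url($query['url']) : null;

    if ($url === null) {
        return '<p>Invalid or missing URL.</p>';
    }
    // Escaping happens at output time, in the context where the value lands.
    return '<a href="' . html_escape($url) . '">' . html_escape($title) . '</a>';
}

// Constructed sample input mirroring the parameter shapes in the advisory's examples,
// plus one non-http scheme to exercise the allow-list.
$samples = [
    ['title' => '<XSS>', 'url' => 'http://example.org/page'],
    ['title' => 'News',  'url' => '"><XSS>'],
    ['title' => 'News',  'url' => 'javascript:void(0)'],
];
foreach ($samples as $query) {
    echo render_share_link($query), PHP_EOL;
}
```

Encoding alone covers the title value; the url value also needs the scheme allow-list because an encoded non-http scheme is still a working link target inside an href attribute.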