sitename XSS in Hot Links Lite
Summary
- Vulnerability
- sitename XSS in Hot Links Lite
- Discovered
- 2010.11.11
- Last Update
- n/a n/a
- ID
- EV0143
- CVE
- n/a
- Risk Level
- low
- Type
- Cross Site Scripting
- Status
- Unpatched. Vendor notified. No reply from developer(s)
- Vendor
- Mrcgiguy (http://www.mrcgiguy.com/)
- Vulnerable Software
- Hot Links Lite
- Version
- 1.0
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
Cross Site Scripting found in Hot Links Lite script.
- sitename XSS in Hot Links Lite
- XSS vulnerability found in sitename parameter of process.cgi script. This can be used to insert any html or script code. Admin panel is vulnerable also.
PoC/Exploit
- sitename XSS vulnerability
- Parameter sitename is not sanitized for XSS.
- XSS Example
- sitename: <XSS>
Solution.
Solution for "sitename XSS in Hot Links Lite" is not available. Check Mrcgiguy website for updates.