Multiple XSS in Alguest
Summary
- Vulnerability: Multiple XSS in Alguest
- Discovered: 2010.11.19
- Last Update: n/a
- ID: EV0151
- CVE: CVE-2010-4407
- Risk Level: low
- Type: Cross Site Scripting
- Status: Unpatched. Vendor notified. No reply from developer(s).
- Vendor: n/a
- Vulnerable Software: Alguest (http://sourceforge.net/projects/alguest/)
- Version: 1.1c-patched
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
Cross-site scripting was found in the Alguest (http://sourceforge.net/projects/alguest/) script.
- Multiple Cross Site Scripting
- The user-defined parameters nome, messaggio and link are not sanitized, so arbitrary XSS injection is possible. Vulnerable script: index.php.
PoC/Exploit
- XSS injection examples
- No input data is sanitized.
Nick: <XSS inj>
Message: <XSS inj>
Homepage: javascript:<XSS inj>
Solution
Solution for "Multiple XSS in Alguest" is not available. Check vendor's website for updates.
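Until a vendor fix exists, the three parameters named above can be neutralised at output time. The PHP below is an added example, not Alguest code and not from the advisory's author: the function names are hypothetical, the sample input is constructed, and it assumes the entry is rendered into an HTML body with the homepage in a quoted href attribute.

```php
<?php
// Added example: not Alguest code. Function names are hypothetical.
// nome, messaggio and link are the parameters named in the advisory.

// Encode text for an HTML body or a quoted attribute value.
function gb_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return the URL only if it is an absolute http(s) URL; otherwise null.
// Anything else (javascript:, data:, relative or scheme-less) is dropped.
function gb_safe_url(string $url): ?string
{
    $url = trim($url);
    // Embedded whitespace or control characters can disguise the scheme.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    $host   = parse_url($url, PHP_URL_HOST);
    if (!is_string($scheme) || !is_string($host) || $host === '') {
        return null;
    }
    return in_array(strtolower($scheme), ['http', 'https'], true) ? $url : null;
}

// Render one guestbook entry with every field encoded at output time.
function gb_render_entry(array $in): string
{
    $name = gb_html((string)($in['nome'] ?? ''));
    $msg  = nl2br(gb_html((string)($in['messaggio'] ?? '')));
    $url  = gb_safe_url((string)($in['link'] ?? ''));

    $home = $url === null
        ? ''
        : ' <a rel="nofollow noopener" href="' . gb_html($url) . '">homepage</a>';

    return "<div class=\"entry\"><b>{$name}</b>{$home}<p>{$msg}</p></div>\n";
}

// Constructed sample input: markup in text fields, non-http scheme in link.
$sample = [
    'nome'      => '<b>visitor</b>',
    'messaggio' => "line one\n<i>line two</i>",
    'link'      => 'javascript:void(0)',
];
echo gb_render_entry($sample);
```

Encoding on output rather than on input also covers entries already stored before the change.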


