Multiple XSS in Alguest

Summary

Vulnerability: Multiple XSS in Alguest
Discovered: 2010.11.19
Last Update: n/a
ID: EV0151
CVE: CVE-2010-4407
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched. Vendor notified. No reply from developer(s).
Vendor: n/a
Vulnerable Software: Alguest (http://sourceforge.net/projects/alguest/)
Version: 1.1c-patched
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross-site scripting was found in the Alguest (http://sourceforge.net/projects/alguest/) script.

Multiple Cross Site Scripting
The user-defined parameters nome, messaggio and link are not sanitized, so arbitrary XSS injection is possible. Vulnerable script: index.php.

PoC/Exploit

XSS injection examples
None of the input data is sanitized.

Nick: <XSS inj>

Message: <XSS inj>

Homepage: javascript:<XSS inj>

Solution

Solution for "Multiple XSS in Alguest" is not available. Check vendor's website for updates.
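
With no vendor fix available, the following is one way an operator could encode the three fields at output time in their own copy. It is an added example, not Alguest code and not part of the original advisory: only the parameter names nome, messaggio and link come from the advisory, while the helper names, the markup and the sample input are assumptions. With the constructed input, both text fields are entity-encoded and the javascript: homepage is dropped.

```php
<?php
// Added example, not Alguest code: hypothetical output-encoding helpers for
// the three guestbook fields named in the advisory (nome, messaggio, link).

/** Encode text for an HTML element body or a quoted attribute value. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the URL only if it is an absolute http(s) URL, otherwise null. */
function safe_homepage(string $url): ?string
{
    $url = trim($url);
    // Reject empty values and any embedded whitespace or control characters.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    // Allow-list the scheme; javascript:, data: and the rest are refused.
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true) ? $url : null;
}

/** Render one entry; every field is encoded at the point of output. */
function render_entry(array $in): string
{
    // Treat non-string input (for example nome[]=x) as empty.
    $get = fn(string $k): string => is_string($in[$k] ?? null) ? $in[$k] : '';

    $nome      = h($get('nome'));
    $messaggio = nl2br(h($get('messaggio'))); // encode first, then add <br />
    $link      = safe_homepage($get('link'));

    $html = "<div class=\"entry\"><strong>$nome</strong>";
    if ($link !== null) {
        $html .= ' <a rel="nofollow noopener" href="' . h($link) . '">homepage</a>';
    }
    return $html . "<p>$messaggio</p></div>";
}

// Constructed sample input: markup in the text fields, javascript: scheme in link.
$sample = [
    'nome'      => '<b>guest</b>',
    'messaggio' => "line one\n<script>/* constructed */</script>",
    'link'      => 'javascript:void(0)',
];
echo render_entry($sample), "\n";
```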
