Multiple XSS in Alguest
Summary
- Vulnerability
- Multiple XSS in Alguest
- Discovered
- 2010.11.19
- Last Update
- n/a n/a
- ID
- EV0151
- CVE
- CVE-2010-4407
- Risk Level
- low
- Type
- Cross Site Scripting
- Status
- Unpatched. Vendor notified. No reply from developer(s).
- Vendor
- n/a
- Vulnerable Software
- Alguest (http://sourceforge.net/projects/alguest/)
- Version
- 1.1c-patched
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
Cross Site Scripting found in Alguest (http://sourceforge.net/projects/alguest/) script.
- Multiple Cross Site Scripting
- User-defined parameters: nome, messaggio,link are not sanitized. Arbitrary XSS injection is possible. Vulnerable script: index.php.
PoC/Exploit
- XSS inj examples
- All input data is not sanitized.
Nick: <XSS inj>
Message: <XSS inj>
Homepage: javascript:<XSS inj>
Solution.
Solution for "Multiple XSS in Alguest" is not available. Check vendor's website for updates.