Non-persistent XSS in WWWThreads (perl version)
- Non-persistent XSS in WWWThreads (perl version)
- Last Update
- n/a n/a
- Risk Level
- Cross Site Scripting
- Unpatched. Vendor notified. No reply from developer(s).
- WWWThreads (http://www.wwwthreads.com/)
- Vulnerable Software
- WWWThreads (perl version)
- v5.0.8 Pro (perl version)
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Cross Site Scripting found in WWWThreads (perl version) script.
- Non-persistent XSS
- It is possible to inject xss code into view parameter in showflat.pl script.
Parameter view is not sanitized before being used in HTML code.
Non-persistent XSS Example.
XSS example: http://website/cgi-bin/forum/showflat.pl?Cat=&Board=forum&Number=111&page=0&view="<XSS>expanded&sb=1&part=all&vc=1
Solution for "Non-persistent XSS in WWWThreads (perl version)" is not available. Check WWWThreads website for updates.
Order PHP Code Audit made by eVuln
Protect your website by source code audit of your site or web application done by our team.The work will be done by experts in website security.