post - Non-persistent XSS in slickMsg
- post - Non-persistent XSS in slickMsg
- Last Update
- n/a n/a
- Risk Level
- Cross Site Scripting
- Unpatched. Vendor notified. No reply from developer(s).
- Vulnerable Software
- slickMsg (http://slickmsg.sourceforge.net/)
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Cross Site Scripting found in slickMsg (http://slickmsg.sourceforge.net/) script.
- Non-persistent XSS
- It is possible to inject xss code into post parameter in views/Post/edit/form.php script.
Parameter post is not properly sanitized before being used in HTML code.
Condition: register_globals: on
Non-persistent XSS Example.
XSS example: http://test-website/slickmsg/views/Post/edit/form.php?post=</textarea><script>alert('XSS')</script>
Solution for "post - Non-persistent XSS in slickMsg" is not available. Check vendor's website for updates.
Order Source Code Review made by eVuln
Prevent hacker attacks by source code analysis of your website done by Aliaksandr Hartsuyeu.The order will be done by experts in website security.