Recent XSS (Cross Site Scripting) vulnerabilities
Here is short summary of recent XSS (Cross Site Scripting) vulnerabilities discovered by eVuln team. Full list with details is available on the eVuln Security Advisories page.
search - Non-persistent XSS in Social Share.
Description.
It is possible to inject xss code into search parameter in search.php script.
Parameter search is not properly sanitized before being used in HTML code.
Exploit.
XSS example: http://website/socialshare/search.php?search=<XSS>
Solution
Solution is not available.
Other details >>link and linkdescription XSS in Social Share.
Description.
It is possible to inject xss code into link and linkdescription parameters in processPost.php script.
Parameters link and linkdescription are not properly sanitized before being used in HTML code.
Exploit.
link: javascript:alert('XSS')
description: "><script>alert('XSS')</script><aaa aa="
Solution
Solution is not available.
Other details >>title,url - Non-persistent XSS in Social Share.
Description.
It is possible to inject xss code into title and url parameters in save.php script.
Parameters title, url are not properly sanitized before being used in HTML code.
Exploit.
XSS example1: http://website/socialshare/save.php?title=<XSS>
XSS example2: http://website/socialshare/save.php?url="><XSS>
Solution
Solution is not available.
Other details >>error - Non-persistent XSS in slickMsg.
Description.
It is possible to inject xss code into error parameter in views/Site/error.php script.
Parameter error is not properly sanitized before being used in HTML code.
Condition: register_globals: on
Exploit.
XSS example: http://site/slickmsg/views/Site/error.php?error=<script>alert('XSS')</script>
Solution
Solution is not available.
Other details >>BBCode CSS XSS in slickMsg.
Description.
It is possible to inject XSS code (expression) into CSS style of size and color bbcodes.
size and color values are not properly sanitized before being used in CSS code.
Note: works in MS IE
Exploit.
XSS example 1: [size=expression(alert(123))]size[/size]
XSS example 2: [color=expression(alert(456))]blue[/color]
Solution
Solution is not available.
Other details >>