Recent Non-persistent XSS vulnerabilities

Here is a short summary of recent non-persistent XSS vulnerabilities discovered by the eVuln team. The full list with details is available on the eVuln Security Advisories page.

search - Non-persistent XSS in Social Share.

Description.

It is possible to inject XSS code into the search parameter of the search.php script.

The search parameter is not properly sanitized before being used in HTML code.

Exploit.

XSS example: http://website/socialshare/search.php?search=<XSS>

Solution.

No solution is available.

Other details >>

title,url - Non-persistent XSS in Social Share.

Description.

It is possible to inject XSS code into the title and url parameters of the save.php script.

The title and url parameters are not properly sanitized before being used in HTML code.

Exploit.

XSS example1: http://website/socialshare/save.php?title=<XSS>

XSS example2: http://website/socialshare/save.php?url="><XSS>

Solution.

No solution is available.

Other details >>

error - Non-persistent XSS in slickMsg.

Description.

It is possible to inject XSS code into the error parameter of the views/Site/error.php script.

The error parameter is not properly sanitized before being used in HTML code.

Condition: register_globals: on

Exploit.

XSS example: http://site/slickmsg/views/Site/error.php?error=<script>alert('XSS')</script>

Solution.

No solution is available.

Other details >>

post - Non-persistent XSS in slickMsg.

Description.

It is possible to inject XSS code into the post parameter of the views/Post/edit/form.php script.

The post parameter is not properly sanitized before being used in HTML code.

Condition: register_globals: on

Exploit.

XSS example: http://test-website/slickmsg/views/Post/edit/form.php?post=</textarea><script>alert('XSS')</script>

Solution.

No solution is available.

Other details >>

title - Non-persistent XSS in slickMsg.

Description.

It is possible to inject XSS code into the title parameter of the views/Thread/display/top.php script.

The title parameter is not properly sanitized before being used in HTML code.

Condition: register_globals: on

Exploit.

XSS example: http://site/slickmsg/views/Thread/display/top.php?title=%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E

Solution.

No solution is available.

Other details >>
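All five advisories above share one root cause: a request parameter is written into HTML without escaping, in body text, inside an attribute value, or inside a textarea. The PHP below is an added illustration (not code from eVuln or from the Social Share / slickMsg projects) showing that pattern beside a hardened version; script, parameter and function names are assumptions.

```php
<?php
// Added example, not code from eVuln or from Social Share / slickMsg: the pattern
// the advisories describe (a request parameter echoed straight into HTML) beside
// a hardened version. Script, parameter and function names are assumptions.
declare(strict_types=1);

// Escape a value for HTML body text, quoted attribute values and <textarea> content.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE avoids returning '' on bad UTF-8.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern: search, url and post land in markup unmodified, so a value
// containing "> or </textarea> closes the surrounding context and injects tags.
function vulnerablePage(string $search, string $url, string $post): string
{
    return "<p>Results for: $search</p>\n"
         . "<a href=\"$url\">share</a>\n"
         . "<textarea name=\"post\">$post</textarea>\n";
}

// Hardened version: every reflected value is escaped for its output context, and the
// href additionally must be an http(s) URL so a javascript: scheme is not linkable.
function hardenedPage(string $search, string $url, string $post): string
{
    $safeUrl = preg_match('~\Ahttps?://~i', $url) === 1 ? h($url) : '#';
    return "<p>Results for: " . h($search) . "</p>\n"
         . "<a href=\"$safeUrl\">share</a>\n"
         . "<textarea name=\"post\">" . h($post) . "</textarea>\n";
}

// Read parameters only from $_GET. The slickMsg issues need register_globals=on
// because the scripts use bare $error / $post / $title; explicit reads remove that
// dependency and keep the list of accepted inputs visible.
$search = (string) ($_GET['search'] ?? '');
$url    = (string) ($_GET['url'] ?? '');
$post   = (string) ($_GET['post'] ?? '');

// Constructed check: the hardened output never contains a raw tag from the input.
$probe = '</textarea><b>x</b>';
assert(strpos(hardenedPage($probe, $probe, $probe), '<b>') === false);
assert(strpos(vulnerablePage($probe, $probe, $probe), '<b>') !== false);

header('Content-Type: text/html; charset=UTF-8');
echo hardenedPage($search, $url, $post);
```

Context-aware escaping at the point of output is the fix the advisories leave open; a web application firewall or input filtering alone does not close these issues, since the same value may be reflected into several different HTML contexts.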
