iFdate v1.2

2006-05-30 / 2006-05-31
Risk: Low
Local: No
Remote: Yes
CWE: CWE-Other

CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

((sorry if youget this twice, the reply page timed out)) iFdate v1.2 Homepage: http://www.ifusionservices.co.uk/products/product_ifdate.php Description: Packed full of great features, it supports themes and looks sleek, your users will be able to create & customize their very own profile page, upload pictures, rate users, create blogs. You can even upgrade them to premium tools and so much more, iFdate gives you the best performance on what a community site needs! Effected files: all input boxes XSS attack is possible if you put this in the login box as username and pw: '';!--"<XSS>=&{()}'';!--"<XSS>=&{()}<IMG SRC=javascript:alert('XSS')>'';!--"<XSS>=&{()}'';!--"<XS S>=&{()} It should also be noted that all input boxes on the site for editing your profile, sending messages, posting in the forum, along with any other input box that doesnt sanatize user input before dynamically generating it isvulnerable.

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com


Back to Top