eSyndiCat Portal System XSS Vuln.

2006.09.22

Credit: meto5757 hotmail com

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-4923

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

eSyndiCat Portal System has an xss bug in search.php

can be exploited from web interface

http://www.example.com/[path]/search.php?what=[xss]&search_top.x=0&searc
h_top.y=0&search_top=GO

--------------------

Discovered by meto5757

Rootshell Security Group

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

eSyndiCat Portal System XSS Vuln.

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

eSyndiCat Portal System XSS Vuln.

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.