Flashcard 2.6.5 cross site scripting

2010.04.25
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title: FlashCard XSS Vulnerability # Date: 22.04.2010 # Author: Valentin # Category: webapps/0day # Version: Only tested with 2.6.5, other versions may also be affected # Tested on: # CVE : # Code : [:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::] >> General Information Advisory/Exploit Title = FlashCard XSS Vulnerability Author = Valentin Hoebel Contact = valentin@xenuser.org [:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::] >> Product information Name = FlashCard Vendor = tufat.com Vendor Website = http://www.tufat.com/script9.htm Affected Version(s) = Only tested with 2.6.5, other versions may also be affected [:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::] >> #1 Vulnerability Type = XSS Example URI = flashcard/stateless/cPlayer.php?id="><iframe src=http://www.google.de> [:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::] >> Additional Information Advisory/Exploit Published = 22.04.2010 [:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::] |:: >> Misc |:: Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase! [:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]

References:

http://www.xenuser.org/documents/security/flashcard_xss.txt
http://www.securityfocus.com/bid/39648
http://secunia.com/advisories/39484
http://packetstormsecurity.org/1004-exploits/flashcard-xss.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top