Real Estate Portal v4.1 Multiple Persistent XSS Vulnerabilities

Risk: Low
Local: No
Remote: Yes

Real Estate Portal v4.1 Multiple Persistent XSS Vulnerabilities Vendor: NetArt Media Product web page: Affected version: 4.1 Summary: Real Estate Portal is a software written in PHP, allowing you to launch powerful and professional looking real estate portals with rich functionalities for the private sellers, buyers and real estate agents to list properties for sale or rent, search in the database, show featured ads and many others. The private sellers can manage their ads at any time through their personal administration space. Desc: Real Estate Portal suffers from multiple persistent cross-site scripting vulnerabilities. The issue is triggered when input passed via multiple POST parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Tested on: nginx/1.10.0 PHP/5.2.17 MySQL/5.1.66 Vulnerability discovered by Bikramaditya Guha aka "PhoenixX" @zeroscience Advisory ID: ZSL-2016-5325 Advisory URL: 06.05.2016 --- 1. Persistent Cross Site Scripting: ----------------------------------- http://localhost/USERS/index.php Parameters: title, html, headline, size, youtube_id, address, latitude, longitude, user_first_name, user_last_name, agency, user_phone, user_email, website (POST) Payload: " onmousemove=alert(1)


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024,


Back to Top