Xinha 0.96 – ‘spell-check-savedicts.php’ Multiple HTML Injection Vulnerabilities

Exploit Database
11 阅读

作者： John Leitch

日期： 2011-03-10
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35436/

source: https://www.securityfocus.com/bid/46825/info

Xinha is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Xinha 0.96.1 is vulnerable; prior versions may also be affected. Note that applications that use vulnerable versions of Xinha may also be affected. 

http://www.example.com/wikiwig5.01/_wk/Xinha/plugins/SpellChecker/spell-check-savedicts.php?to_r_list=%3Cscript%3Ealert(0)%3C%2fscript%3E

last Exploits
Xinha 0.96 – ‘spell-check-savedicts.php’ Multiple HTML Injection Vulnerabilities的更多信息

Joomla! Component com_fireboard – SQL Injection：
Open-AudIT Community 2.2.6 – Cross-Site Scripting：
WordPress Plugin Media Library Categories 1.0.6 – SQL Injection：
Virtual Airlines Manager 2.6.2 – Persistent Cross-Site Scripting：
Online Reviewer System 1.0 – Remote Code Execution (RCE) (Unauthenticated)：
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) – Credentials Disclosure：
OpenMRS 2.3 (1.11.4) – Local File Disclosure：
almnzm 2.4 – Cross-Site Request Forgery (Add Admin)：