vBSEO 3.2.2/3.5.2 – Multiple Cross-Site Scripting Vulnerabilities

Exploit Database
19 阅读

作者： MaXe

日期： 2011-01-30
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35292/

source: https://www.securityfocus.com/bid/46068/info

vBSEO is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

vBSEO 3.5.2 and 3.2.2 is vulnerable; other versions may also be affected. 

<html>
<head>
<title> [XSS String] </title>
</head>
<body>
<a href="http://www.example.com/01-some-forum-thread.html">SEKSCY INJECT TIEM!</a>
</body>
</html>

last Exploits
vBSEO 3.2.2/3.5.2 – Multiple Cross-Site Scripting Vulnerabilities的更多信息

Online Food Delivery 2.04 – Authentication Bypass：
Kahf Poems 1.0 – Multiple Vulnerabilities：
Xavi 7968 ADSL Router – ‘/webconfig/lan/lan_config.html/local_lan_config?host_name_txtbox’ Cross-Site Scripting：
Powerlogic/Schneider Electric IONXXXX Series – Cross-Site Request Forgery：
Photo Server 2.0 iOS – Multiple Vulnerabilities：
Clcknshop 1.0.0 – SQL Injection：
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery：
Alienvault OSSIM/USM 5.3.1 – PHP Object Injection：