Preation Eden Platform 27.7.2010 – Multiple HTML Injection Vulnerabilities

Exploit Database
31 阅读

作者： High-Tech Bridge SA

日期： 2010-08-09
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/34430/

source: https://www.securityfocus.com/bid/42321/info

Preation Eden Platform is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Preation Eden Platform 27.07.2010 is vulnerable; prior versions may also be affected. 

<script>alert(document.cookie)</script>

last Exploits
Preation Eden Platform 27.7.2010 – Multiple HTML Injection Vulnerabilities的更多信息

Pandora FMS 3.1 – Authentication Bypass：
ADOdb < 4.71 - Cross Site Scripting：
SmarterMail < 7.2.3925 - Persistent Cross-Site Scripting：
WordPress Plugin Photocart Link 1.6 – Local File Inclusion：
emailarchitect enterprise email server 10.0 – Persistent Cross-Site Scripting：
Atlassian Confluence 5.2/5.8.14/5.8.15 – Multiple Vulnerabilities：
MySQLDumper 1.24.4 – ‘menu.php’ PHP Remote Code Execution：
enano CMS 1.1.7pl1 – Multiple Vulnerabilities：