NPDS REvolution 10.02 – ‘topic’ Cross-Site Scripting

Exploit Database
18 阅读

作者： High-Tech Bridge SA

日期： 2010-05-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/33985/

source: https://www.securityfocus.com/bid/40157/info

NPDS Revolution is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

NPDS Revolution 10.02 is vulnerable; other versions may also be affected. 

http://www.example.com/viewtopic.php?topic=3"><script>alert(document.cookie)</script>&forum=1

last Exploits
NPDS REvolution 10.02 – ‘topic’ Cross-Site Scripting的更多信息

YaCOMAS 0.3.6 OpenCMS – Multiple Cross-Site Scripting Vulnerabilities：
SimplyShare 1.4 iOS – Multiple Vulnerabilities：
Netgear NMS300 ProSafe Network Management System – Multiple Vulnerabilities：
Vesta Control Panel 0.9.8 – OS Command Injection：
Gemtek CPE7000 / WLTCS-106 – Multiple Vulnerabilities：
RBS Change Complet Open Source 3.6.8 – Cross-Site Request Forgery：
Phone Shop Sales Managements System 1.0 – Arbitrary File Upload：
SpamTitan Application 5.08x – SQL Injection：