Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25170
HistoryNov 24, 2010 - 12:00 a.m.

[eVuln.com] URL and Title XSS in AxsLinks

2010-11-2400:00:00
vulners.com
280
JSON

New eVuln Advisory:
URL and Title XSS in AxsLinks
http://evuln.com/vulns/139/summary.html

-----------Summary-----------
eVuln ID: EV0139
Software: AxsLinks
Vendor: AXScripts
Version: 0.3
Critical Level: medium
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Not available
Not available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )
--------Description--------
User-defined parameters "url" and "title" (script "addlink.php") are not properly sanitized. XSS is possibl.
--------PoC/Exploit--------
Will be available soon at http://evuln.com/vulns/139/exploit.html
---------Solution----------
Available at http://evuln.com/vulns/139/solution.html
----------Credit-----------
Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/tool/php-security.html - PHP sources Online Analyzer

JSON