Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25283
HistoryDec 12, 2010 - 12:00 a.m.

www.eVuln.com : Non-persistent XSS in BizDir

2010-12-1200:00:00
vulners.com
69
JSON

www.eVuln.com advisory:
Non-persistent XSS in BizDir
Summary: http://evuln.com/vulns/158/summary.html
Details: http://evuln.com/vulns/158/description.html

-----------Summary-----------
eVuln ID: EV0158
Software: BizDir
Vendor: LEXIPIXEL
Version: v.05.10
Critical Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Not available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )
--------Description--------
It is possible to inject xss code into f_srch parameter in bizdir.cgi script.
Parameter f_srch is not properly sanitized before being used in HTML code.
--------PoC/Exploit--------
PoC code is available at:
http://evuln.com/vulns/158/exploit.html
---------Solution----------
Available: update to latest version.
http://evuln.com/vulns/158/solution.html
----------Credit-----------
Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/malicious-site.html - "FTP infection" article

JSON