Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27272
HistoryNov 06, 2011 - 12:00 a.m.

IBSng all version Cross-Site Scripting Vulnerability

2011-11-0600:00:00
vulners.com
191
JSON

================= APA-IUTcert =================
Title: IBSng all version Cross-Site Scripting Vulnerability
Vendor: www.parspooyesh.com
Type: Cross-Site Scripting Vulnerability
Fix: N/A

================== nsec.ir =================
Description:
Input passed via the "str" parameter to IBSng/util/show_multistr.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
This bug can be exploited by malicious people with out any privilege access to conduct cross-site scripting attacks.

PoC : http://[target]/IBSng/util/show_multistr.php?str=[xss]

Original Advisory : http://nsec.ir/

Credit: Isfahan University of Technology - Computer Emergency Response Team

JSON