- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 22810
- Проверка EDB
-
- Пройдено
- Автор
- LORENZO HERNANDEZ GARCIA-HIERRO
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2003-06-19
Код:
source: https://www.securityfocus.com/bid/7981/info
Reportedly, pMachine is vulnerable to a cross-site scripting attack. The vulnerability is present in the search module. The issue presents itself likely due to insufficient sanitization performed on user-supplied data that is passed as the query to the affected module.
An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied code passed as the keywords URI parameter may execute within the context of the site hosting the vulnerable software when the malicious link is visited.
http://www.example.com/Path_To_pMachine/search/index.php?weblog=name_of_weblog&keywords=<script code>- Источник
- www.exploit-db.com
