Mouse Media Script Stored XSS Vulnerability

vendor:

Mouse Media Script

by:

Halil Dalabasmaz

8,8

CVSS

HIGH

Stored XSS

CWE

Product Name: Mouse Media Script

Affected Version From: v1.6

Affected Version To: v1.6

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Kali Linux & Iceweasel 31.2.0

2014

Mouse Media Script Stored XSS Vulnerability

Login to system and upload any of your image. When uploading the image, the attacker needs to enter the XSS payload to 'Title' or 'Description' inputs. All visitors and logged users will be affected by this vulnerability.

Mitigation:

Input validation and output encoding should be used to prevent XSS attacks.

Source

Exploit-DB raw data:

# Exploit Title: Mouse Media Script Stored XSS Vulnerability
# Google Dork: "is your best source of fun." inurl:/view/popular
# Date: 04-10-2014
# Exploit Author: Halil Dalabasmaz
# Version: v1.6
# Software Link: http://codecanyon.net/item/mouse-media-script/7773254
# Software Test Link: http://media.nisgeo.com
# Tested on: Kali Linux & Iceweasel 31.2.0
# Sample Payload: "><script>alert(document.cookie);</script>

# Attack Description:    Login to system and upload any of your image. When
uploading the image you need to enter the XSS payload to "Title" or
"Description" inputs. And then you can visit thıs home page to check the
uploaded payload. All these uploaded image and payload were completed
succesfully then all visitors and logged users will be affected by this
vulnerability.