header-logo
Suggest Exploit
vendor:
pMachine
by:
SecurityFocus
3.3
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: pMachine
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

pMachine Cross-Site Scripting Vulnerability

pMachine is vulnerable to a cross-site scripting attack. The vulnerability is present in the search module. The issue presents itself likely due to insufficient sanitization performed on user-supplied data that is passed as the query to the affected module. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied code passed as the keywords URI parameter may execute within the context of the site hosting the vulnerable software when the malicious link is visited.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized before being passed to the affected module.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7981/info

Reportedly, pMachine is vulnerable to a cross-site scripting attack. The vulnerability is present in the search module. The issue presents itself likely due to insufficient sanitization performed on user-supplied data that is passed as the query to the affected module.

An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied code passed as the keywords URI parameter may execute within the context of the site hosting the vulnerable software when the malicious link is visited.

http://www.example.com/Path_To_pMachine/search/index.php?weblog=name_of_weblog&keywords=<script code>

Navigation

Suggest Exploit

Services By CQR