Vendor: SurgeLDAP
By: SecurityFocus
CVSS: 4.3 (MEDIUM)
CWE: 79 (Cross-Site Scripting)
Product Name: SurgeLDAP
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

SurgeLDAP Cross-Site Scripting Vulnerability

SurgeLDAP is vulnerable to Cross-Site Scripting attacks, allowing remote attackers to inject malicious HTML and script code into the user's browser when a malicious link is visited. This issue exists in the web server component of SurgeLDAP.

Mitigation:

Ensure that user input is properly sanitized and filtered before being used in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8407/info

SurgeLDAP is prone to cross-site scripting attacks. Remote attackers may exploit this issue by enticing a user to visit a malicious link that includes hostile HTML and script code. This code may be rendered in the user's browser when the link is visited.

This issue exists in the web server component of SurgeLDAP.

http://www.example.com:6680/user.cgi?cmd=<script>alert('C.S.S')</script>&utoken=
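
The mitigation above (validate input, encode it on output), applied to the `cmd` parameter of the request shown in the advisory. This is an added example, not SurgeLDAP code: the handler, the page markup, the function names and the allow-list pattern for `cmd` are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Request from the advisory above (www.example.com is its placeholder host).
ADVISORY_URL = ("http://www.example.com:6680/user.cgi"
                "?cmd=<script>alert('C.S.S')</script>&utoken=")

# Assumption: legitimate cmd values are short identifiers.
CMD_PATTERN = re.compile(r"[A-Za-z0-9_]{1,32}")

def get_cmd(url):
    """Return the decoded cmd query parameter, or '' if absent."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("cmd", [""])[0]

def render_unsafe(cmd):
    """Constructed 'before' pattern: parameter pasted into markup unchanged."""
    return "<html><body><p>Unknown command: " + cmd + "</p></body></html>"

def render_safe(cmd):
    """Output encoding: & < > " ' become entities, so the value stays text."""
    return ("<html><body><p>Unknown command: "
            + html.escape(cmd, quote=True) + "</p></body></html>")

def handle(url):
    """Validate first, and encode anything that is echoed back regardless."""
    cmd = get_cmd(url)
    if not CMD_PATTERN.fullmatch(cmd):
        return 400, render_safe(cmd)
    return 200, "<html><body><p>Running " + html.escape(cmd) + "</p></body></html>"

if __name__ == "__main__":
    print(render_unsafe(get_cmd(ADVISORY_URL)))  # markup reaches the page as-is
    print(handle(ADVISORY_URL))                  # rejected, and echoed as inert text
```

Validation alone is not enough if a rejected value is still echoed in the error page, which is why `handle` encodes on both paths.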