Exponent Multiple Cross-Site Scripting Vulnerabilities

vendor:

Exponent

by:

SecurityFocus

7.5

CVSS

HIGH

Cross-Site Scripting

CWE

Product Name: Exponent

Affected Version From: 0.95

Affected Version To: 0.95

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

Exponent Multiple Cross-Site Scripting Vulnerabilities

Exponent is reported prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user facilitating theft of cookie-based authentication credentials and other attacks. Exponent 0.95 is reported prone to these issues. It is likely that previous versions are vulnerable as well.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12358/info

Exponent is reported prone to multiple cross-site scripting vulnerabilities.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user facilitating theft of cookie-based authentication credentials and other attacks.

Exponent 0.95 is reported prone to these issues. It is likely that previous versions are vulnerable as well. 

http://www.example.com/endon/mod.php?action=[BLABLA]&module=[XSS]
http://www.example.com/expo/index.php?action=createuser&module=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/expo/index.php?action=view&id=2&module=<h1>Tes</h1>