header-logo
Suggest Exploit
vendor:
Ublog
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: Ublog
Affected Version From: 1.0.4
Affected Version To: 1.0.4
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004

Ublog Cross-Site Scripting Vulnerability

Ublog is affected by a cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Mitigation:

Input validation should be used to ensure that user-supplied data does not contain malicious code.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12931/info

Ublog is affected by a cross-site scripting vulnerability.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Ublog 1.0.4 and prior versions are reportedly affected by this issue. 

http://www.example.com/login.asp?msg=<script>alert(XSS)</script>

Navigation

Suggest Exploit

Services By CQR