vendor:
N/A
by:
ViZiOn
6,4
CVSS
MEDIUM
Cross Site Scripting
79
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
TGS CMS Multiple Vulnerabilities
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Affected items: http://127.0.0.1/cms/login.php?previous_page=[XSS] Exemple: <script>alert(document.cookie)</script> The Risk: By exploiting this vulnerability, an attacker can inject malicious code in the script and can stole cookies.
Mitigation:
Encode output based on input parameters, Filter input parameters for special characters, Filter input parameters for HTML tags.