header-logo
Suggest Exploit
vendor:
WWWThread
by:
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: WWWThread
Affected Version From: 5.0.8 Pro
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Cross-Site Scripting Vulnerability in WWWThread

The application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user, potentially stealing authentication credentials and launching other attacks.

Mitigation:

Proper input validation and sanitization should be implemented to prevent cross-site scripting vulnerabilities. Regular security updates and patches should be applied.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/45303/info

WWWThread is prone to a cross-site-scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

WWWThread 5.0.8 Pro is vulnerable; other versions may also be affected. 

http://www.example.com/cgi-bin/forum/showflat.pl?Cat=&Board=forum&Number=111&page=0&view="<XSS>expanded&sb=1&part=all&vc=1