header-logo
Suggest Exploit
vendor:
Community Server
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: Community Server
Affected Version From: Community Server 2007
Affected Version To: Community Server 2008
Patch Exists: NO
Related CWE:
CPE: a:communityserver:community_server
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Cross-Site Scripting Vulnerability in Community Server

The Community Server is vulnerable to a cross-site scripting attack due to insufficient sanitization of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially allowing the attacker to steal authentication credentials and launch further attacks.

Mitigation:

Apply a patch or update to a non-vulnerable version of Community Server. Sanitize user-supplied data to prevent script injection.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/49022/info

Community Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Community Server 2007 and 2008 are vulnerable; other versions may also be affected. 

http://www.example.com/utility/TagSelector.aspx?TagEditor=[XSS]

Navigation

Suggest Exploit

Services By CQR