SoftDirec Cross-Site Scripting Vulnerability

vendor:

SoftDirec

by:

5.5

CVSS

MEDIUM

Cross-Site Scripting (XSS)

CWE

Product Name: SoftDirec

Affected Version From: SoftDirec 1.05

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Unknown

SoftDirec Cross-Site Scripting Vulnerability

The SoftDirec application is prone to a cross-site scripting vulnerability. This vulnerability occurs because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker can exploit this issue by injecting malicious script code into the affected site, which will be executed in the browser of an unsuspecting user. This can lead to the theft of authentication credentials and enable the attacker to launch further attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to ensure that user-supplied data is properly handled and rendered safely. Additionally, web application firewalls can be employed to detect and block malicious input.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/40269/info

SoftDirec is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

SoftDirec 1.05 is vulnerable; other versions may also be affected.

http://www.example.com/softdirec/library/delete_confirm.php?delete=yes&id=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>&return=souk%20naamane&type=hacked%20by&catdel=indoushka