Vendor: Jetbox CMS
By: Unknown
CVSS: 4.3 (MEDIUM)
Cross-site scripting (XSS)
CWE: 79
Product Name: Jetbox CMS
Affected Version From: 2.1
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:jetbox_software:jetbox_cms:2.1
Metasploit:
Other Scripts:
Platforms Tested: Not specified
2007

Cross-site scripting vulnerability in Jetbox CMS

The vulnerability allows an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. This can lead to the theft of cookie-based authentication credentials and the ability to launch further attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and implement proper input validation and output encoding. Regular security updates and patches should also be applied to the CMS.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24095/info

Jetbox CMS is prone to a cross-site scripting vulnerability.

This vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Jetbox 2.1 is reported vulnerable; other versions may also be affected. 

http://www.example.com/product/index.php?view=webuser&task=sendpw&login=<script>alert(document.cookies)</script>
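
The recommended input validation and output encoding, sketched for the `login` parameter that appears in the request above. This is an added example, not Jetbox source code: the function names, the allowed login format and the response wording are all assumptions.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical handler, not Jetbox source code.

/** Encode a value for an HTML text or quoted-attribute context. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Allowlist validation. Assumed format: letters, digits, . _ @ -, at most 64 chars. */
function is_valid_login(string $login): bool
{
    return preg_match('/\A[A-Za-z0-9._@-]{1,64}\z/', $login) === 1;
}

/** Build the response body for a password-reminder request (task=sendpw). */
function render_sendpw_message(array $query): string
{
    $login = $query['login'] ?? '';
    // login[]=x arrives as an array; treat any non-string as invalid.
    if (!is_string($login) || !is_valid_login($login)) {
        // Reject without reflecting the rejected value into the page.
        return '<p>Invalid login name.</p>';
    }
    // Validation passed, but still encode at the point of output so the
    // page stays safe if the allowlist is later relaxed.
    return '<p>If an account exists for ' . html_escape($login)
         . ', a password reminder has been sent.</p>';
}

// Constructed sample inputs (not captured traffic).
$samples = [
    ['login' => 'alice@example.com'],     // accepted, echoed encoded
    ['login' => '<b>"markup"</b>'],       // rejected, never reflected
    ['login' => ['unexpected', 'array']], // rejected, wrong type
    [],                                   // rejected, parameter missing
];

foreach ($samples as $query) {
    echo render_sendpw_message($query), PHP_EOL;
}
```

Encoding with `htmlspecialchars` covers HTML text and quoted-attribute contexts only; a value written into a script block or a URL needs the encoder for that context.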