header-logo
Suggest Exploit
vendor:
ASP-Nuke
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: ASP-Nuke
Affected Version From: 2.0.7
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:aspnuke:asp-nuke:2.0.7
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Cross-Site Scripting Vulnerability in ASP-Nuke

The vulnerability allows an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. This can lead to the theft of cookie-based authentication credentials and enable the attacker to launch further attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and implement proper output encoding to prevent the execution of malicious scripts.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24135/info

ASP-Nuke is prone to a cross-site scripting vulnerability.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

ASP-Nuke 2.0.7 is reported vulnerable; other versions may also be affected. 

http://www.example.com/news.asp?id="><script>alert("Vagrant")</script>