WebStudio CMS Cross-Site Scripting Vulnerability

vendor:

WebStudio CMS

by:

7.5

CVSS

HIGH

Cross-Site Scripting

CWE

Product Name: WebStudio CMS

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

WebStudio CMS Cross-Site Scripting Vulnerability

WebStudio CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input sanitization and validation mechanisms in the WebStudio CMS application. This can help prevent malicious script code from being executed by the application.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24297/info

WebStudio CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 

http://www.example.com/?pageid=[XSS] 
http://www.example.com/?pageid=[XSS] 
http://www.example.com/?pageid=[XSS] 
http://www.example.com/?pageid=-->[XSS] 
http://www.example.com/?pageid=email@address.com[XSS]domain.com 
http://www.example.com/?pageid=[XSS] 
http://www.example.com/index.php?pageid=>'>[XSS] 
http://www.example.com/index.php?pageid=[XSS] 
http://www.example.com/index.php?pageid=[XSS] 
http://www.example.com/index.php?pageid=-->[XSS] 
http://www.example.com/index.php?pageid=email@address.com[XSS]domain.com 
http://www.example.com/index.php?pageid=[XSS]