vendor:
Wallpaper Script
by:
nullp0int3r
5.5
CVSS
MEDIUM
Stored XSS
79
CWE
Product Name: Wallpaper Script
Affected Version From: 3.5.1982
Affected Version To: 3.5.1982
Patch Exists: NO
Related CWE:
CPE: a:wallpaperscript:wallpaperscript:3.5.0082
Platforms Tested: Windows
2013
Wallpaper Script Stored XSS Vulnerability
This exploit allows an attacker to inject malicious JavaScript code into the title field of a wallpaper on the Wallpaper Script platform. When a regular member views the wallpaper, the injected code will be executed, leading to a Cross-Site Scripting (XSS) attack.
Mitigation:
To mitigate this vulnerability, the vendor should sanitize user input and ensure that it does not execute any embedded code.