header-logo
Suggest Exploit
vendor:
VBTube
by:
Unknown
5.5
CVSS
MEDIUM
Cross-site scripting (XSS)
79
CWE
Product Name: VBTube
Affected Version From: VBTube 1.1
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:vbwebgroup:vbweb_vbtube:1.1
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Cross-site Scripting Vulnerability in VBTube

The VBTube application is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary HTML or script code in a user's browser session, potentially leading to the theft of cookie-based authentication credentials and the ability to launch further attacks.

Mitigation:

To mitigate this vulnerability, the vendor should ensure that all user-supplied data is properly sanitized before being displayed in web pages. Additionally, users are advised to be cautious when visiting untrusted websites and to use a web browser with built-in XSS protection.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26566/info

VBTube is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

This issue affects VBTube 1.1; other versions may also be vulnerable. 

http://www.example.com/vBTube.php?do=search&search=<script>alert(document.cookie)</script>

Navigation

Suggest Exploit

Services By CQR