header-logo
Suggest Exploit
vendor:
AzDGDatingLite
by:
Not available
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: AzDGDatingLite
Affected Version From: AzDGDatingLite 2.1.1
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Not available
CPE: a:azdg:azdgdatinglite:2.1.1
Metasploit:
Other Scripts:
Platforms Tested:
2004

Multiple Cross-Site Scripting Vulnerabilities in AzDGDatingLite

These vulnerabilities can be exploited by enticing a victim user to visit a malicious link that includes hostile HTML and script code. The exploitation can facilitate theft of cookie-based authentication credentials or other attacks.

Mitigation:

The vendor should release a patch or update to fix the cross-site scripting vulnerabilities. Users are advised to avoid clicking on suspicious or untrusted links.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10084/info
 
Multiple cross-site scripting vulnerabilities have been reported in AzDGDatingLite. These issues may be exploited by enticing a victim user to visit a malicious link that includes hostile HTML and script code.
 
Exploitation could facilitate theft of cookie-based authentication credentials or other attacks.
 
This issue was reported in AzDGDatingLite 2.1.1. It is not known if earlier versions or commercial releases which share the same code base are affected, such as AzDGDatingPlatinum or AzDGDatingGold. 

http://www.example.com/azdlite/view.php?l=&id=00001<script>alert(document.cookie);</script>

Navigation

Suggest Exploit

Services By CQR