The vulnerability allows for XSS attacks in the URL and form fields, as well as an upload vulnerability that can be used to upload a shell.
IDevSpot BizDirectory is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may allow an attacker to steal cookie-based authentication credentials and launch other attacks.
IDevSpot iSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
iSupport version 1.8 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains malicious SQL statements that are executed in the backend database. This can allow an attacker to gain access to usernames, passwords, and other sensitive data stored in the database.
TextAds 2.08 is vulnerable to cross-site scripting: an attacker can inject malicious scripts into the Title field of the NewAds page. This can be used to steal the administrator's cookie and gain access to the site.
IDevSpot BizDirectory is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
iSupport version 1.8 is vulnerable to Cross-Site Scripting (XSS) and Local File Inclusion (LFI) attacks. An attacker can inject malicious JavaScript code into the vulnerable parameters of the application, which will be executed in the browser of the victim. An attacker can also exploit the LFI vulnerability to read sensitive files from the server.
iDevCart 1.10 is vulnerable to multiple local file inclusion vulnerabilities. An attacker can exploit these vulnerabilities to include arbitrary local files on the server, which can lead to remote code execution.
IDevSpot TextAds V2.08 suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database.