header-logo
Suggest Exploit
vendor:
Digital Scribe
by:
SecurityFocus
8.8
CVSS
HIGH
Cross-site Scripting
79
CWE
Product Name: Digital Scribe
Affected Version From: Digital Scribe 1.0
Affected Version To: Digital Scribe 1.0
Patch Exists: YES
Related CWE: CVE-2002-1490
CPE: a:digital_scribe:digital_scribe:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

A problem has been reported in the checking of input by Digital Scribe

Digital Scribe is vulnerable to Cross-site Scripting attacks due to insufficient input validation. An attacker can craft a malicious URL and send it to a user of the application. When the user clicks on the link, the malicious script will be executed in the user's browser. This can be used to steal cookie authentication credentials or launch other attacks.

Mitigation:

Input validation should be performed to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8551/info

A problem has been reported in the checking of input by Digital Scribe, potentially allow for cross-site scripting attacks. Because of this, it may be possible for an attacker to steal cookie authentication credentials or launch other attacks. 

http://www.example.com/login.php?error=<script>(document.cookie)</script>

Navigation

Suggest Exploit

Services By CQR