header-logo
Suggest Exploit
vendor:
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting (XSS)
79
CWE
Product Name:
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Arbitrary Script Code Execution

An attacker may be capable of executing arbitrary script code in a browser of a target user and within the context of a visited web site. This may potentially lead to theft of cookie based authentication credentials, other attacks are also possible.

Mitigation:

Implement input validation and output encoding to prevent the injection of malicious scripts. Use proper security measures to protect authentication credentials.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10203/info

An attacker may be capable of executing arbitrary script code in a browser of a target user and within the context of a visited web site. This may potentially lead to theft of cookie based authentication credentials, other attacks are also possible.

http://www.example.com/fullnews.php?id=<script>alert(document.cookie);</script>