header-logo
Suggest Exploit
vendor:
Betsie (BBC Education Text to Speech Internet Enhancer)
by:
5.5
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: Betsie (BBC Education Text to Speech Internet Enhancer)
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Betsie (BBC Education Text to Speech Internet Enhancer) Cross-Site Scripting Vulnerability

The Betsie (BBC Education Text to Speech Internet Enhancer) application is prone to a cross-site scripting vulnerability. This vulnerability exists in the 'parserl.pl' script. Attackers can exploit this vulnerability by providing a malicious link to a website that is running the vulnerable software. If a user visits the malicious link, it can cause arbitrary script code to be executed in their web browser.

Mitigation:

To mitigate this vulnerability, it is recommended to update the Betsie software to a patched version that addresses this issue. Additionally, it is advisable to validate and sanitize user input to prevent cross-site scripting attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5135/info

Betsie (BBC Education Text to Speech Internet Enhancer) is prone to a cross-site scripting vulnerability. This issue exists in the parserl.pl script.

Attackers may exploit this condition via a malicious link to a site running the vulnerable software. Successful exploitation will enable an attacker to cause script code to be executed in the web browser of a user who visits the malicious link. 

http://server/cgi-bin/betsie/parserl.pl/<script>alert("eek!")</script>

Navigation

Suggest Exploit

Services By CQR