Vendor: Match Agency BiZ
By:
CVSS: 5.5 (MEDIUM)
CWE: 79 (Cross-Site Scripting)
Product Name: Match Agency BiZ
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Cross-Site Scripting in Datetopia Match Agency BiZ

The Datetopia Match Agency BiZ application is prone to multiple cross-site scripting vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the context of an unsuspecting user's browser. This can lead to the theft of authentication credentials and facilitate further attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to properly sanitize and validate user-supplied input before using it in the application.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/40488/info

Datetopia Match Agency BiZ is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

http://www.example.com/smilies_popup.php?details_var=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(666)%3B%3C/ScRiPt%3E
http://www.example.com/manage_pictures.php?profile_id=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(666)%3B%3C/ScRiPt%3E
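
The mitigation above, applied to the two parameters named in these URLs, as an added example that is not code from the application or from the original advisory. It assumes profile_id is a numeric key and details_var is text echoed into a quoted HTML attribute; the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not Datetopia code. How the two scripts use these
// parameters is an assumption: profile_id as a numeric key, details_var
// as free text echoed into a quoted HTML attribute.

/** Allow-list validation: a profile id is a positive integer or nothing. */
function valid_profile_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Output encoding for HTML text and quoted-attribute contexts. */
function html_out(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The query value from the advisory's URLs, decoded as the web server would.
$payload = urldecode('%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(666)%3B%3C/ScRiPt%3E');

// profile_id: the value is rejected before it reaches a template or query,
// while an ordinary numeric id passes.
var_dump(valid_profile_id($payload));
var_dump(valid_profile_id('42'));

// details_var: the unencoded echo (the vulnerable pattern) next to the
// encoded one.
$unsafe = '<input name="details" value="' . $payload . '">';
$safe   = '<input name="details" value="' . html_out($payload) . '">';

// Unencoded, the leading >"> closes the attribute and the tag, so the
// mixed-case <ScRiPt> element becomes live markup. A case-insensitive
// search is needed to spot it.
var_dump(stripos($unsafe, '<script') !== false);

// Encoded, every quote and angle bracket from the value is an entity, so
// the value stays inside the attribute as inert text.
var_dump(stripos($safe, '<script') !== false);
echo $safe, PHP_EOL;
```

Validation and encoding do different jobs here: the integer check rejects bad input for a field with a known shape, while output encoding is what keeps free text such as details_var from being parsed as markup.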