Vendor: FuseTalk
By: Unknown
CVSS: 5.5 (MEDIUM)
CWE: 79, Cross-Site Scripting (XSS)
Product Name: FuseTalk
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:fusetalk:fusetalk
Metasploit:
Other Scripts:
Platforms Tested:
2007

Cross-Site Scripting in FuseTalk

FuseTalk is affected by multiple cross-site scripting (XSS) vulnerabilities caused by insufficient input sanitization. An attacker can exploit them to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

To mitigate these vulnerabilities, implement proper input validation and sanitization so that malicious scripts are not executed. Additional security measures such as a Content Security Policy (CSP) can also help mitigate XSS attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24563/info
 
FuseTalk is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
 
An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.
 
http://www.example.com/blog/include/common/comfinish.cfm?FTRESULT.errorcode=0&FTVAR_SCRIPTRUN=[xss]
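
Since no patch is listed, one practical check is to review web server logs for requests to the page and parameter shown in the URL above. The following is an added example, not part of the original advisory or of FuseTalk: it flags requests to `comfinish.cfm` whose `FTVAR_SCRIPTRUN` value, after undoing nested URL encoding, is not a plain token. The allowlist pattern, the log format and the sample log lines are assumptions constructed for the demonstration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

ENDPOINT = "/comfinish.cfm"   # page named in the advisory URL
PARAM = "ftvar_scriptrun"     # parameter named in the advisory URL, lowercased
# Assumption: a legitimate value is a short plain token; tune for your site.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.\-]{0,64}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines for the demonstration (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /blog/include/common/'
    'comfinish.cfm?FTRESULT.errorcode=0&FTVAR_SCRIPTRUN=refresh HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /blog/include/common/'
    'comfinish.cfm?FTRESULT.errorcode=0&ftvar_scriptrun=%3Cb%3Ehi%3C%2Fb%3E HTTP/1.1" 200 530',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /blog/include/common/'
    'comfinish.cfm?FTVAR_SCRIPTRUN=%253Cb%253E HTTP/1.1" 200 520',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /blog/index.cfm?FTVAR_SCRIPTRUN=%3Cb%3E HTTP/1.1" 200 498',
]


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_value(log_line):
    """Return the decoded parameter value if it fails the allowlist, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith(ENDPOINT):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        decoded = fully_decode(value)
        if name.lower() == PARAM and not SAFE_VALUE.fullmatch(decoded):
            return decoded
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = ((n, suspicious_value(line)) for n, line in enumerate(lines, 1))
    return [(n, value) for n, value in hits if value is not None]
```

`scan(SAMPLE_LOG)` flags the second and third lines; the parameter name is compared case-insensitively because ColdFusion treats URL variable names that way.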