header-logo
Suggest Exploit
vendor:
Chipmunk products
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: Chipmunk products
Affected Version From: All versions
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Cross-Site Scripting Vulnerabilities in Chipmunk Products

Multiple cross-site scripting vulnerabilities exist in Chipmunk products due to a failure in properly sanitizing user-supplied input. An attacker can exploit these vulnerabilities by injecting arbitrary script code into the affected site, potentially leading to the theft of authentication credentials and other attacks.

Mitigation:

Implement proper input validation and sanitization to prevent the execution of malicious script code.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15149/info

Chipmunk products are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. 

http://www.example.com/board/newtopic.php?forumID='%3C/a>%3CIFRAME%20SRC=javascript:alert(%2527xss%2527)%3E%3C/IFRAME%3E

Navigation

Suggest Exploit

Services By CQR

cqrsecured