Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Cross-Site Scripting Vulnerabilities in InstantForum.NET - exploit.company
header-logo
Suggest Exploit
vendor:
InstantForum.NET
by:
5.5
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: InstantForum.NET
Affected Version From: 4.1.2000
Affected Version To: 4.1.2000
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Cross-Site Scripting Vulnerabilities in InstantForum.NET

The InstantForum.NET application is prone to multiple cross-site scripting vulnerabilities due to inadequate input sanitization. Attackers can exploit these vulnerabilities to steal cookie-based authentication credentials and launch further attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to update InstantForum.NET to the latest version. Additionally, input validation and sanitization should be implemented to prevent cross-site scripting attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22052/info

InstantForum.NET is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.

These issues affect version 4.1.0; other versions may also be affected. 

http://www.example.com/Forums-Path/Logon.aspx?SessionID=[xss]

Navigation

Suggest Exploit

Services By CQR