vendor:
SearchSolutions SearchFeed, RevenuePilot, Google API
by:
CVSS: 5.5 (MEDIUM)
CWE: 79 (Cross-Site Scripting)
Product Name: SearchSolutions SearchFeed, RevenuePilot, Google API
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Cross-Site Scripting Vulnerabilities in SearchSolutions SearchFeed, RevenuePilot, and Google API

The vulnerabilities exist due to a lack of proper sanitization of user-supplied input in SearchSolutions SearchFeed, RevenuePilot, and Google API. An attacker can exploit these vulnerabilities by injecting arbitrary script code into the affected site, leading to the execution of malicious code in the browser of unsuspecting users. This can result in the theft of authentication credentials and other potential attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization mechanisms in the affected applications. Additionally, web application firewalls (WAFs) can help detect and block malicious input.
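
The two controls named above, input validation and output encoding, applied to the REQ parameter from the request quoted in the Exploit-DB data on this page. This is an added example, not code from the affected products; it is written in Python rather than the application's PHP, and the "Results for" template and the allowlist pattern are assumptions.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Request taken verbatim from the Exploit-DB data on this page.
SAMPLE_URL = ("http://www.example.com/index.php?REQ=%3Cscript%3Ealert('r0t%20XSS')"
              "%3C/script%3ESubmit=Submit")

# Assumed policy: a search term is 1-100 word characters, spaces and a
# little punctuation. Tune this for the real application.
ALLOWED_REQ = re.compile(r"[\w .,'-]{1,100}")


def get_req(url):
    """Return the URL-decoded REQ parameter ('' if absent)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("REQ", [""])[0]


def validate_req(value):
    """Input validation: accept only values that match the allowlist."""
    return ALLOWED_REQ.fullmatch(value) is not None


def render_unsafe(value):
    """The vulnerable pattern: the value is pasted into the HTML as-is."""
    return "<p>Results for: " + value + "</p>"


def render_safe(value):
    """Output encoding: markup characters and quotes become entities,
    so the browser treats the value as text (PHP: htmlspecialchars
    with ENT_QUOTES)."""
    return "<p>Results for: " + html.escape(value, quote=True) + "</p>"


if __name__ == "__main__":
    req = get_req(SAMPLE_URL)
    print("decoded REQ :", req)
    print("valid input :", validate_req(req))
    print("unsafe HTML :", render_unsafe(req))
    print("safe HTML   :", render_safe(req))
```

Encoding at output is the control that closes the hole; the allowlist only narrows what reaches the template, and a value such as O'Brien passes validation but still needs its apostrophe encoded.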
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15612/info

SearchSolutions SearchFeed, RevenuePilot, and Google API are prone to cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

http://www.example.com/index.php?REQ=%3Cscript%3Ealert('r0t%20XSS')%3C/script%3ESubmit=Submit