vendor: asgbookphp
by:
CVSS: 5.5 (MEDIUM)
Cross-Site Scripting (XSS)
CWE: 79
Product Name: asgbookphp
Affected Version From: 1.9
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Cross-Site Scripting Vulnerability in asgbookphp

The asgbookphp application is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary HTML and script code in the context of the affected site, potentially leading to the theft of authentication credentials and other attacks.

Mitigation:

To mitigate this vulnerability, validate user-supplied input and encode it for its output context before it is written into a page.
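
One way to apply the output encoding recommended above, shown as an added PHP example that is not asgbookphp's own code. It assumes the request path is reflected into a single-quoted HTML attribute; that reflection point and all function names are hypothetical, and the sample input is the path from the proof-of-concept URL quoted on this page.

```php
<?php
// Added illustration, not asgbookphp source; function names are hypothetical.

// Constructed input: the path of the proof-of-concept URL quoted on this page,
// as PHP exposes it in $_SERVER['PHP_SELF'] (script name plus trailing path info).
$requestPath = "/asgbookphp/index.php/>'><ScRiPt>alert(771818860)</ScRiPt>";

// Assumed vulnerable pattern: the request path is copied into a
// single-quoted attribute without encoding.
function renderFormUnsafe(string $self): string
{
    return "<form method='post' action='" . $self . "'>";
}

// Output encoding for an HTML attribute. ENT_QUOTES matters here: without it,
// PHP versions before 8.1 leave the single quote untouched and the value can
// still close the attribute. ENT_SUBSTITUTE keeps invalid UTF-8 from producing
// an empty string.
function encodeAttr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderFormSafe(string $self): string
{
    return "<form method='post' action='" . encodeAttr($self) . "'>";
}

// Input-side layer: build the action from SCRIPT_NAME, which does not carry
// the trailing path info, and still encode it on output.
function renderFormCanonical(array $server): string
{
    return renderFormSafe($server['SCRIPT_NAME'] ?? '/index.php');
}

// True when no markup-significant character survives in the attribute value.
function attrIsInert(string $html): bool
{
    preg_match('/action=\'(.*)\'>$/s', $html, $m);
    return !preg_match('/[<>\'"]/', $m[1] ?? '<');
}

var_dump(attrIsInert(renderFormUnsafe($requestPath)));
var_dump(attrIsInert(renderFormSafe($requestPath)));
echo renderFormSafe($requestPath), PHP_EOL;
echo renderFormCanonical(['SCRIPT_NAME' => '/asgbookphp/index.php']), PHP_EOL;
```
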
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/50167/info

asgbookphp is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary HTML and script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

http://code.google.com/p/asgbookphp/ asgbookphp 1.9 is vulnerable; other versions may also be affected. 

http://www.example.com/asgbookphp/index.php/>'><ScRiPt>alert(771818860)</ScRiPt>