header-logo
Suggest Exploit
vendor:
Escapade
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-site Scripting
79
CWE
Product Name: Escapade
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Cross-site Scripting Vulnerability in Escapade

A cross-site scripting vulnerability has been reported for Escapade. The vulnerability exists due to insufficient sanitization of some user-supplied values. An attacker could exploit this issue to execute arbitrary HTML code in the browser of a remote user who follows a malicious link. Code execution would occur in the context of the vulnerable site. It has also been reported that this issue may be exploited to disclose the installation path of the affected software.

Mitigation:

Input validation should be used to ensure that user-supplied values are properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8573/info

A cross-site scripting vulnerability has been reported for Escapade. The vulnerability exists due to insufficient sanitization of some user-supplied values.

An attacker could exploit this issue to execute arbitrary HTML code in the browser of a remote user who follows a malicious link. Code execution would occur in the context of the vulnerable site. It has also been reported that this issue may be exploited to disclose the installation path of the affected software. 

http://www.example.com/cgi-bin/esp?PAGE=<script>alert(document.domain)
</script>

Navigation

Suggest Exploit

Services By CQR