Vendor: Multiple products (Classified ADs, Classmates, Deal Informer)
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 79, Cross-site scripting (XSS)
Product Name: Multiple products (Classified ADs, Classmates, Deal Informer)
Affected Version From: Classified ADs 2.9.1, Classmates 1.1.1, Deal Informer 4.8.0
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Cross-site scripting vulnerability in GoT.MY products

The vulnerability allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can lead to the theft of cookie-based authentication credentials and other possible attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest security patches provided by the vendor. Additionally, input validation and output encoding should be implemented to prevent script injection attacks.
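
The input validation and output encoding recommended above, sketched in PHP for the theme_dir parameter. This is an added example, not GoT.MY code: the function names, the list of themes and the stylesheet markup are assumptions, since the page does not show how header.inc.php uses the value.

```php
<?php
declare(strict_types=1);

// Added illustration; not the vendor's code. ALLOWED_THEMES, the helper
// names and the <link> markup are assumptions made for this example.

/** Theme directories the site actually ships (assumed list). */
const ALLOWED_THEMES = ['default', 'classic'];

/**
 * Input validation: accept theme_dir only when it is exactly one of the
 * known theme names. Arrays, nulls and unknown strings fall back to the
 * first (default) theme instead of being passed through.
 */
function resolve_theme_dir(mixed $raw): string
{
    if (is_string($raw) && in_array($raw, ALLOWED_THEMES, true)) {
        return $raw;
    }
    return ALLOWED_THEMES[0];
}

/** Output encoding for HTML text and quoted-attribute contexts. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Builds the stylesheet link a header template might emit. */
function render_theme_link(mixed $raw): string
{
    $theme = resolve_theme_dir($raw);
    // Encode even validated values so the template stays safe if the
    // allow-list is later loosened.
    return '<link rel="stylesheet" href="themes/' . h($theme) . '/style.css">';
}

// Constructed sample input: the URL-decoded theme_dir value from the
// request shown in this advisory.
$hostile = '"><script>alert(document.cookie);</script>';

echo render_theme_link('classic'), PHP_EOL; // known theme is accepted
echo render_theme_link($hostile), PHP_EOL;  // unknown value is replaced by the default theme
echo h($hostile), PHP_EOL;                  // encoding alone turns the markup into inert text
```

In a real template the value would come from the request (for example `$_GET['theme_dir'] ?? null`) rather than from a literal.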
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47702/info

Multiple GoT.MY products are prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials; other attacks are possible.

The following are vulnerable:
Classified ADs 2.9.1
Classmates 1.1.1
Deal Informer 4.8.0 

http://www.example.com/themes/default/header.inc.php?theme_dir=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E