vendor: Java Search Engine
by:
CVSS: 7.5 HIGH
Cross-Site Scripting (XSS)
CWE: 79
Product Name: Java Search Engine
Affected Version From:
Affected Version To:
Patch Exists:
Related CWE:
CPE:
Platforms Tested:
Cross-Site Scripting Vulnerability in Java Search Engine
The Java Search Engine is vulnerable to a cross-site scripting attack. This vulnerability occurs due to the lack of proper input sanitization by the application. An attacker can exploit this vulnerability by injecting arbitrary script code through user-supplied input. When a victim user visits a specially crafted URL, the injected script code will execute in their browser within the context of the affected site. This can lead to various malicious activities, including the theft of authentication credentials stored in cookies.
Mitigation:
To mitigate this vulnerability, it is recommended to implement proper input sanitization techniques in the Java Search Engine application. All user-supplied input should be properly validated and sanitized to prevent the execution of arbitrary script code.