header-logo
Suggest Exploit
vendor:
Planet Script
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: Planet Script
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2010

Cross-Site Scripting Vulnerability in Planet Script

The Planet Script is vulnerable to a cross-site scripting (XSS) vulnerability due to insufficient input sanitization. An attacker can exploit this vulnerability to inject and execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other malicious activities.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques. Additionally, developers should use output encoding when displaying user-supplied data to prevent script injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/40203/info

Planet Script is prone to a cross-site scripting vulnerability because the it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Planet Script 1.3 and prior are vulnerable. 

http://www.example.com/idomains.php?do=encode&decoded=&ext=[ Xss ]