Cross-Site Scripting Vulnerability in Sniggabo CMS

vendor:

Sniggabo CMS

by:

Not mentioned

5.5

CVSS

MEDIUM

Cross-Site Scripting (XSS)

CWE

Product Name: Sniggabo CMS

Affected Version From: Sniggabo CMS 2.21

Affected Version To: Not mentioned

Patch Exists: NO

Related CWE: Not mentioned

CPE: a:sniggabo:cms:2.21

Metasploit:

Other Scripts:

Platforms Tested: Not mentioned

Not mentioned

Cross-Site Scripting Vulnerability in Sniggabo CMS

Sniggabo CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques in the Sniggabo CMS codebase. Additionally, developers should follow secure coding practices and regularly update the CMS to the latest version.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/40534/info

Sniggabo CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Sniggabo CMS 2.21 is vulnerable; other versions may be affected. 

http://www.example.com/search.php?q=%3Ch1%3EHacked%20by%20Sora%20-%20vhr95zw%20[at]%20hotmail%20[dot]%20com%3C/h1%3E%3Chr%3Eh4Ã?3d%20-%20http://greyhathackers.wordpress.com/%3Cbr%3E&site=www.google.ca