Vendor: Discuz!
By: SecurityFocus
CVSS: 6.4 MEDIUM
Cross Site Scripting
CWE: 79
Product Name: Discuz!
Affected Version From: Discuz! 1.0
Affected Version To: Discuz! 1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:comsenz:discuz
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Discuz! Cross Site Scripting Vulnerability

Discuz! is prone to a Cross Site Scripting vulnerability because the application fails to properly sanitize links embedded within user messages. This vulnerability allows a malicious user to steal cookie-based authentication credentials or other information within the context of the affected web page.

Mitigation:

Input validation should be used to ensure that user supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9584/info

It has been reported that Discuz! is prone to a Cross Site Scripting vulnerability. This issue is caused by the application failing to properly sanitize links embedded within user messages. Upon successful exploitation of this issue, a malicious user could steal cookie-based authentication credentials or other information within the context of the affected web page.

[img]http://a.gif');alert(document.cookie);a=escape=('a[/img]
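
The mitigation above, as an added example that is not code from Discuz! or from the advisory: a hypothetical [img] renderer that escapes the whole message, checks each link against an allow-list, and writes accepted links only into a quoted HTML attribute. The function names `safe_image_url` and `render_message` and the `forum.example` host are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened [img] BBCode renderer, not Discuz! code.

// Return the URL when it is acceptable as an image source, otherwise null.
function safe_image_url(string $url): ?string
{
    // Allow-list: http(s) scheme, plain host, optional port, path and query.
    // Quotes, parentheses, semicolons, spaces and angle brackets never match.
    $pattern = '#^https?://[A-Za-z0-9.-]+(?::\d{1,5})?'
             . '(?:/[A-Za-z0-9._%/+-]*)?(?:\?[A-Za-z0-9._%&=+-]*)?$#D';
    return preg_match($pattern, $url) === 1 ? $url : null;
}

// Render a user message: escape everything, then expand only valid [img] tags.
function render_message(string $message): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $escaped = htmlspecialchars($message, $flags, 'UTF-8');

    return preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m) use ($flags): string {
            // Validate the original bytes, not their entity-encoded form.
            $url = safe_image_url(htmlspecialchars_decode($m[1], ENT_QUOTES));
            if ($url === null) {
                return $m[0]; // rejected: stays as inert, escaped text
            }
            // The URL goes only into a double-quoted HTML attribute.
            return '<img src="' . htmlspecialchars($url, $flags, 'UTF-8') . '" alt="">';
        },
        $escaped
    ) ?? $escaped; // on a regex engine error, fall back to the escaped text
}

// Constructed sample messages; the second is the string shown on this page.
$samples = [
    '[img]http://forum.example/avatars/cat.gif[/img]',
    "[img]http://a.gif');alert(document.cookie);a=escape=('a[/img]",
];
foreach ($samples as $sample) {
    echo render_message($sample), PHP_EOL;
}
```

The first sample becomes an `<img>` element; the second fails the allow-list at the first quote character and is emitted as escaped text with no markup.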