header-logo
Suggest Exploit
vendor:
Fluid Dynamics Search Engine
by:
SecurityFocus
4.3
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: Fluid Dynamics Search Engine
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2002-1390
CPE: o:fluid_dynamics:fluid_dynamics_search_engine
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: UNIX and Microsoft Windows
2002

Fluid Dynamics Search Engine XSS Vulnerability

Fluid Dynamics Search Engine is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker can construct a malicious URL that will cause scripting code to be embedded in a search results page. When an innocent user follows such a link, the script code will execute within the context of the hosted site.

Mitigation:

To mitigate this vulnerability, users should ensure that they are running the latest version of Fluid Dynamics Search Engine.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5199/info

Fluid Dynamics Search Engine is a search application for local and remote web sites, and is designed to work in most UNIX and Microsoft Windows environments. Fluid Dynamics Search Engine and is maintained by Zoltan Milosevic.

It is possible for attackers to construct a URL that will cause scripting code to be embedded in a search results page. As a result, when an innocent user follows such a link, the script code will execute within the context of the hosted site.

http://www.xav.com/search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&Rank=<br><h1>XSS</h1>

Navigation

Suggest Exploit

Services By CQR