header-logo
Suggest Exploit
vendor:
MD-Pro
by:
N/A
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: MD-Pro
Affected Version From: 1.0.76
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
N/A

MAXdev MD-Pro Cross-Site Scripting Vulnerability

MAXdev MD-Pro is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to dynamically generate web pages. Additionally, the application should use a whitelist of acceptable inputs that strictly conform to specifications. All user-supplied data should be filtered for malicious HTML code, including client-side scripts.
Source

Exploit-DB raw data:

MAXdev MD-Pro is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. 

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Maxdev MD-Pro 1.0.76 is vulnerable; earlier versions may also be affected.

http://www.example.com/user.php?uname=1&module=NS-LostPassword&op=[code]

Navigation

Suggest Exploit

Services By CQR