header-logo
Suggest Exploit
vendor:
Member Management System
by:
SecurityFocus
4.3
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: Member Management System
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: YES
Related CWE: N/A
CPE: member_management_system
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Member Management System Cross-Site Scripting Vulnerability

It has been reported that a number of Member Management System scripts are prone to cross-site scripting vulnerabilities. These issues are reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site scripting attacks. The issues are reported to affect the 'err' parameter of 'error.asp' script and the 'register.asp' script. In the register form: '><iframe src=http://www.example.com/admin/user_del.asp?ID=[ID to delete]>

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9932/info
 
It has been reported that a number of Member Management System scripts are prone to cross-site scripting vulnerabilities. These issues are reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site scripting attacks. The issues are reported to affect the 'err' parameter of 'error.asp' script and the 'register.asp' script.
 
Member Management System version 2.1 has been reported to be affected by this issue, however, other versions may be vulnerable as well.

In the register form: "><iframe src=http://www.example.com/admin/user_del.asp?ID=[ID to delete]>

Navigation

Suggest Exploit

Services By CQR