header-logo
Suggest Exploit
vendor:
F*EX
by:
5.5
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: F*EX
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Multiple Cross-Site Scripting Vulnerabilities in F*EX

F*EX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials. Other attacks are also possible.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. Regularly updating the F*EX software to the latest version may also address these issues.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/52085/info

F*EX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials. Other attacks are also possible. 

http://www.example.com/fup [id parameter]
http://www.example.com/fup [to parameter]
http://www.example.com/fup [from parameter]

Navigation

Suggest Exploit

Services By CQR