Multiple input-validation vulnerabilities in Spyce

vendor:

Spyce

by:

Unknown

N/A

CVSS

N/A

Input-validation vulnerabilities

Unknown

CWE

Product Name: Spyce

Affected Version From: Spyce 2.1.3

Affected Version To: Unknown

Patch Exists: Unknown

Related CWE: Unknown

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Multiple input-validation vulnerabilities in Spyce

The vulnerabilities in Spyce can lead to information disclosure or client-side script execution. An attacker can execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, launch other attacks, and obtain a server's webroot path.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/27898/info
 
Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution.
 
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The attacker can also obtain a server's webroot path.
 
The issues affect Spyce 2.1.3; other versions may also be vulnerable. 

http://www.example.com/docs/examples/handlervalidate.spy?x="><SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>