header-logo
Suggest Exploit
vendor:
Private Message System
by:
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS) and Information Disclosure
79
CWE
Product Name: Private Message System
Affected Version From: 1.1.2003
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Multiple vulnerabilities in Private Message System

Private Message System is reported prone to multiple vulnerabilities that can allow remote attackers to carry out cross-site scripting attacks and disclose arbitrary private messages.

Mitigation:

The vendor has not provided any mitigation or remediation for this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11671/info
 
Private Message System is reported prone to multiple vulnerabilities that can allow remote attackers to carry out cross-site scripting attacks and disclose arbitrary private messages.
 
Private Message System 1.1.3 is reported vulnerable to these issue, however, it is possible that other version are affected as well.

http://www.example.com/message_send.php?quote=[ID]