Vendor: Open Constructor
By: SecurityFocus
CVSS: 7.5 (HIGH)
Title: Multiple Input-Validation Vulnerabilities
CWE: 20
Product Name: Open Constructor
Affected Version From: 3.12.0
Affected Version To: 3.12.0
Patch Exists: N/A
Related CWE: N/A
CPE: openconstructor
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2012

Open Constructor Multiple Input-Validation Vulnerabilities

Open Constructor is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Input validation should be used to detect unauthorized input before it is processed by the application. Input validation should be applied on both client-side and server-side. All input data should be validated before it is used by the application. For example, all strings should be checked to see if they match the expected format, and should contain only expected characters. Inputs should also be checked to see if they are within the expected range.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/54822/info
  
Open Constructor 3.12.0 is vulnerable; other versions may also be affected. 

http://www.example.com/openconstructor/confirm.php?q=<script>alert('XSS')</script>skin=metallic
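
The server-side checks described under Mitigation, applied to the `q` and `skin` parameters of the request above for the script-injection case. This is an added example, not Open Constructor's code; the skin list, the length limit, and all function names are assumptions.

```php
<?php
// Added example, not Open Constructor source. Parameter names come from the
// request on this page; skin list, length limit and function names are assumed.
const ALLOWED_SKINS = ['metallic', 'classic']; // assumed set of valid skins
const MAX_Q_LENGTH  = 200;                     // assumed upper bound, in bytes

// Allow-list check: a skin name is accepted only if it is a known value.
function validate_skin($value): string
{
    if (!is_string($value) || !in_array($value, ALLOWED_SKINS, true)) {
        return ALLOWED_SKINS[0]; // fall back to a known-good skin
    }
    return $value;
}

// Format and range check for free text: a non-empty string (not an array such
// as q[]=x), within the length limit, valid UTF-8, and free of control bytes.
function validate_q($value): ?string
{
    if (!is_string($value) || $value === '' || strlen($value) > MAX_Q_LENGTH) {
        return null;
    }
    $control = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/';
    if (preg_match('//u', $value) !== 1 || preg_match($control, $value) !== 0) {
        return null;
    }
    return $value;
}

// Output encoding: free text can pass validation and still contain markup,
// so it is encoded for the HTML context at the point of output.
function html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_confirm(array $query): string
{
    $skin = validate_skin($query['skin'] ?? null);
    $q    = validate_q($query['q'] ?? null);
    if ($q === null) {
        return '<p class="error">Invalid request.</p>';
    }
    return '<body class="skin-' . html($skin) . '"><p>' . html($q) . '</p></body>';
}

// Constructed sample input mirroring the request shown above.
$sample = ['q' => "<script>alert('XSS')</script>", 'skin' => 'metallic'];
echo render_confirm($sample), PHP_EOL;
```

The sample value passes the length and encoding checks, and it is the encoding step in `html()` that makes the browser treat it as text rather than markup.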