Vendor: PHP Classifieds
By: SecurityFocus
CVSS: 8.8 (HIGH)
CWE: 79 (Cross-Site Scripting)
Product Name: PHP Classifieds
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CVE: CVE-2002-1490
CPE: o:phpclassifieds:phpclassifieds:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

PHP Classifieds Cross-Site Scripting

PHP Classifieds is vulnerable to cross-site scripting because it does not sufficiently sanitize user-supplied input. An attacker can craft a malicious link containing arbitrary HTML or script code; when the link is visited, that code executes in the web client of the user who follows it, in the security context of the website hosting the vulnerable software.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
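
An added example of this mitigation, not taken from the advisory or from the PHP Classifieds source: a reflected `url` parameter is validated against an allowlist of schemes and then HTML-encoded at output. It assumes the parameter ends up as a link target and link text, which this page does not confirm; the function names `html_encode`, `validate_link` and `render_link` are hypothetical.

```php
<?php
// Added illustration; NOT the PHP Classifieds source. How latestwap.php uses
// `url` is not shown on this page; assumed here: reflected as a link.

// Vulnerable pattern, for contrast (raw reflection of the parameter):
//   echo '<a href="' . $_GET['url'] . '">' . $_GET['url'] . '</a>';

/** Encode a value for a text node or a quoted attribute value. */
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the input if it is an absolute http(s) URL, otherwise null. */
function validate_link(string $raw): ?string
{
    // Reject empty input, control characters and whitespace.
    if ($raw === '' || preg_match('/[\x00-\x20\x7f]/', $raw)) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Allowlist of schemes: javascript:, data: and the like are refused.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $raw;
}

/** Validate first, then encode for the HTML context at output time. */
function render_link(string $raw): string
{
    $url = validate_link($raw);
    if ($url === null) {
        return '<p>Invalid link.</p>';
    }
    $safe = html_encode($url);
    return '<a href="' . $safe . '">' . $safe . '</a>';
}

// Constructed sample inputs (not from the advisory).
$samples = ['http://example.com/ads?id=1&cat=2', 'javascript:alert(1)',
            '"><b>markup</b>', 'http://example.com/?q="><b>x</b>'];
foreach ($samples as $s) {
    echo render_link($s), "\n";
}
```

The last sample passes validation yet still contains markup characters, which is why the output encoding step is applied even to values that validated.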

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5022/info

PHP Classifieds has been reported to be prone to cross-site scripting attacks. Attackers may inject arbitrary HTML or script code into URI parameters in a malicious link. When the malicious link is visited, the attacker's script code will be executed in the web client of the user browsing the link, in the security context of the website hosting the vulnerable software. 

http://target/phpclassifieds/latestwap.php?url=<script>alert('OopS');<