header-logo
Suggest Exploit
vendor:
SCI Photo Chat
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: SCI Photo Chat
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:sci:photo_chat
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

SCI Photo Chat Cross-Site Scripting Vulnerability

SCI Photo Chat is susceptible to a cross-site scripting vulnerability due to a failure of the application to properly sanitize user-supplied URI input. A remote attacker can exploit this issue by creating a malicious link that includes hostile HTML and script code. If an unsuspecting user follows this link, the hostile code may be rendered in their web browser, potentially leading to theft of authentication credentials or other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to properly sanitize user input to prevent the execution of malicious scripts. Additionally, implementing content security policies and input validation can help protect against XSS attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10648/info

SCI Photo Chat is reported susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.

The web server component of SCI Chat server will display an error message when it receives an HTTP request for an invalid file. This error message includes the complete unsanitized content of the original request.

A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed by an unsuspecting user, the hostile code may be rendered in the their web browser. This would occur in the security context of the web server and may allow for theft of cookie-based authentication credentials or other attacks. 

http://www.example.com:1235/<script>alert(document.cookie);</script>

Navigation

Suggest Exploit

Services By CQR