header-logo
Suggest Exploit
vendor:
WPKontakt
by:
Unknown
7.5
CVSS
HIGH
Script Execution
94
CWE
Product Name: WPKontakt
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

WPKontakt Script Execution Vulnerability

WPKontakt is prone to a potential script execution vulnerability. Remote attackers may execute arbitrary script code on a vulnerable computer by sending a specially crafted email address containing a JavaScript URI.

Mitigation:

No known mitigation
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12097/info

WPKontakt is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable computer, which may lead to various attacks. Arbitrary script code may be executed on a target system in the event that a specially message containing a specially malformed email address containing a JavaScript URI is received. 

test@"style="background-image:url(javascript:alert(%22You%20are%20owned!%22>))".wp.pl

Navigation

Suggest Exploit

Services By CQR