Social Share version 2010-06-05 suffers from a cross site scripting vulnerability.
5153452b8b08bdb41c6ffb689a224babdc0cd263aa686e5527d8c7f9e90a9eb4www.eVuln.com advisory:
"search" - Non-persistent XSS in Social Share
Summary: http://evuln.com/vulns/169/summary.html
Details: http://evuln.com/vulns/169/description.html
-----------Summary-----------
eVuln ID: EV0169
Software: Social Share
Vendor: n/a
Version: 2010-06-05
Critical Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )
--------Description--------
It is possible to inject xss code into "search" parameter in
"search.php" script.
Parameter "search" is not properly sanitized before being used in HTML
code.
--------PoC/Exploit--------
Non-persistent XSS Example.
XSS example: http://website/socialshare/search.php?search=<XSS>
---------Solution----------
Not available
----------Credit-----------
Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/code-analysis.html - source code analysis service
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed