[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

www.eVuln.com : "titl","url" - Non-persistent XSS in Social Share

www.eVuln.com advisory:
"title" and "ur"l - Non-persistent XSS in Social Share
Summary: http://evuln.com/vulns/164/summary.html 
Details: http://evuln.com/vulns/164/description.html 

eVuln ID: EV0164
Software: Social Share
Vendor: n/a
Version: 2010-06-05
Critical Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )

It is possible to inject xss code into "title" and "url" parameters in save.php script.
Parameters "title", "url" are not properly sanitized before being used in HTML code.

PoC code is available at:

Not available

Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/code-analysis.html - source code review service