Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

OSQA's CMS - Multiple HTML Injection Vulnerabilities

Related Vulnerabilities: CVE-2012-1782  
Publish Date: 27 Feb 2012
Author: Ucha Gobejishvili
Source / Download Exploit 
                source: http://www.securityfocus.com/bid/52184/info

OSQA's CMS is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.

OSQA 3b is vulnerable; other versions may also be affected. 

http://www.example.com/questions/ask/ press url bar & put xss code <img src="<img src=search"/onerror=alert("xss")//">
http://www.example.com/questions/ask/ press picture bar & put xss code <img src="<img src=search"/onerror=alert("xss")//">

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started