Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

PHD Help Desk 1.43 - 'atributo_list.php' Multiple Cross-Site Scripting Vulnerabilities

Related Vulnerabilities: CVE-2009-4047  
Publish Date: 16 Nov 2009
Author: Amol Naik
Source / Download Exploit 
                							

                source: http://www.securityfocus.com/bid/37029/info
    
PHD Help Desk is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
    
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.
    
PHD Help Desk 1.43 is vulnerable; other versions may also be affected. 

http://www.example.com/atributo_list.php?pagina=1[code]&q_registros=15&orden=activo&sentido
http://www.example.com/atributo_list.php?pagina=1&q_registros=15[code]&orden=activo&sentido
http://www.example.com/atributo_list.php?pagina=1&q_registros=15&orden=activo[code]&sentido
http://www.example.com/atributo_list.php?pagina=1&q_registros=15&orden=activo&sentido[code]

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started