Published: 27/08/2009 Updated: 29/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Premium allow remote malicious users to inject arbitrary web script or HTML via the blog, possibly the (1) Title and (2) Text fields; (3) the gallery, possibly the Description field in Your Pictures; (4) the forum, possibly the Your Message field when posting a new thread; or (5) the vote parameter in a view action to index.php. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qsoft-inc k-rate -

================================================================================ || K-Rate SQL-INJECTION, XSS ================================================================================ Application: K-Rate ------------ Website: turn-knet/k-rate -------- Demo: kratedemocom ----- Version: All ------- ...

CWE-79 http://osvdb.org/48341 http://osvdb.org/48339 http://osvdb.org/48340 http://secunia.com/advisories/31548 http://www.securityfocus.com/bid/30842 https://exchange.xforce.ibmcloud.com/vulnerabilities/44674 https://exchange.xforce.ibmcloud.com/vulnerabilities/44672 https://www.exploit-db.com/exploits/6312 https://nvd.nist.gov https://www.exploit-db.com/exploits/6312/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-7098

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect