Published: 13/02/2009 Updated: 16/02/2009

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote malicious users to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fotoware fotoweb 6.0

source: wwwsecurityfocuscom/bid/33677/info FotoWeb is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication creden ...

source: wwwsecurityfocuscom/bid/33677/info FotoWeb is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication cred ...

CWE-79 http://secunia.com/advisories/33879 http://www.securityfocus.com/bid/33677 http://www.fortconsult.net/images/pdf/advisories/FotoWebXSS_final.pdf https://nvd.nist.gov https://www.exploit-db.com/exploits/32782/

CVE-2009-0573

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect