Published: 21/11/2014 Updated: 08/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox prior to 4 Beta allows remote malicious users to inject arbitrary web script or HTML via the User-Agent header.

Vulnerable Product	Search on Vulmon	Subscribe to Product
moxi9 phpfox

# Exploit Title: PHPFox XSS AdminCP # Date: 2014-10-22 # Exploit Author: Wesley Henrique Leite aka "spyk2r" # Vendor Homepage: wwwmoxi9com # Version: All version # CVE : CVE-2014-8469 # Response Vendor: fixed 2014-10-23 (to v4 Beta) [+] DESCRIPTION The system stores all urls accessed in a database table, below information in the same 'p ...

POC

CVE I realy love it!!! All these publications were my first, today I have a slightly different view of how I should have built this path, well, it's true that we have improved over time CVE-2014-8469 PHPFOX XSS ADMINCP CVE-2013-7196 Comment on a publication set to "Only Me" CVE-2013-7195 Flag as "like" a publication set to "Only Me" CVE-2013

CWE-79 http://packetstormsecurity.com/files/129153/PHPFox-Cross-Site-Scripting.html http://www.securityfocus.com/bid/71180 http://www.exploit-db.com/exploits/35274 http://seclists.org/fulldisclosure/2014/Nov/50 https://exchange.xforce.ibmcloud.com/vulnerabilities/98727 https://nvd.nist.gov https://github.com/wesleyleite/CVE https://www.exploit-db.com/exploits/35274/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-8469

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect