Home page logo

bugtraq logo Bugtraq mailing list archives

www.eVuln.com : "titl","url" - Non-persistent XSS in Social Share
From: bt () evuln com
Date: 17 Dec 2010 11:30:32 -0000

www.eVuln.com advisory:
"title" and "ur"l - Non-persistent XSS in Social Share
Summary: http://evuln.com/vulns/164/summary.html 
Details: http://evuln.com/vulns/164/description.html 

eVuln ID: EV0164
Software: Social Share
Vendor: n/a
Version: 2010-06-05
Critical Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )

It is possible to inject xss code into "title" and "url" parameters in save.php script.
Parameters "title", "url" are not properly sanitized before being used in HTML code.

PoC code is available at:

Not available

Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/code-analysis.html - source code review service

  By Date           By Thread  

Current thread:
  • www.eVuln.com : "titl","url" - Non-persistent XSS in Social Share bt (Dec 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]