
Bugtraq mailing list archives

www.eVuln.com : "link" and "linkdescription" XSS in Social Share
From: bt () evuln com
Date: 17 Dec 2010 11:31:23 -0000

www.eVuln.com advisory:
"link" and "linkdescription" XSS in Social Share
Summary: http://evuln.com/vulns/165/summary.html 
Details: http://evuln.com/vulns/165/description.html 

eVuln ID: EV0165
Software: Social Share
Vendor: n/a
Version: 2010-06-05
Critical Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )

It is possible to inject XSS code into the "link" and "linkdescription" parameters of the processPost.php script.
The "link" and "linkdescription" parameters are not properly sanitized before being used in HTML code.

PoC code is available at:

Not available

Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/penetration-test.html - penetration testing service
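
The unsanitized use of "link" and "linkdescription" described in the advisory, shown next to a hardened form. This is an added example, not part of the original advisory and not Social Share's code: the function names, the `<a href>` markup and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not Social Share's code; names and markup are assumptions.
// Vulnerable pattern the advisory describes: request values copied into HTML as-is.
function render_unsafe(array $post): string
{
    return '<a href="' . $post['link'] . '">' . $post['linkdescription'] . '</a>';
}

// Read one request field as a string; arrays and missing keys become ''.
function field(array $post, string $key): string
{
    $v = $post[$key] ?? '';
    return is_string($v) ? $v : '';
}

// Accept only absolute http(s) URLs; escaping alone does not stop other schemes in href.
function safe_url(string $url): ?string
{
    $url = trim($url);
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Escape for HTML text nodes and quoted attribute values.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(array $post): string
{
    $desc = h(field($post, 'linkdescription'));
    $url  = safe_url(field($post, 'link'));
    if ($url === null) {
        return '<span>' . $desc . '</span>'; // drop the link, keep the escaped text
    }
    return '<a href="' . h($url) . '" rel="nofollow noopener">' . $desc . '</a>';
}

// Constructed sample inputs.
$samples = [
    ['link' => 'https://example.com/?a=1&b=2', 'linkdescription' => 'Tom & "Jerry" <b>news</b>'],
    ['link' => 'javascript:void(0)', 'linkdescription' => 'rejected scheme'],
];
echo implode(PHP_EOL, array_map('render_safe', $samples)), PHP_EOL;
```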
