Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbPeter GründlEDB-ID:21621
HistoryJul 17, 2002 - 12:00 a.m.

Macromedia Sitespring 1.2 - Default Error Page Cross-Site Scripting

2002-07-1700:00:00
Peter Gründl
www.exploit-db.com
31

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/5249/info

Macromedia Sitespring is a J2EE-compliant product for managing website production. The Macromedia Sitespring server runs on Microsoft Windows operating systems.

A cross-site scripting issue has been reported in the default error page used by Sitespring. When an HTTP 500 error is returned, some user-supplied data is included in the generated HTML. Since this data isn't properly sanitized, an attacker may be able to include arbitrary HTML, including JavaScript. 

http://server/error/500error.jsp?et=1<script>alert('KPMG')</script>

Related

cvelist 1
cve 1
nvd 1
cvelist
cvelist
CVE-2002-1027
2002-08-31 04:00:00
cve
cve
CVE-2002-1027
2002-10-04 04:00:00
nvd
nvd
CVE-2002-1027
2002-10-04 04:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:21621
cvelist1cve1nvd1