Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbDavid Vieira-KurzEDB-ID:29017
HistoryNov 14, 2006 - 12:00 a.m.

Plesk 7.5/8.0 - 'get_password.php' Cross-Site Scripting

2006-11-1400:00:00
David Vieira-Kurz
www.exploit-db.com
32

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/21067/info

Plesk is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Plesk 8.0.1 and prior versions are vulnerable.

http://www.example.com:8443/get_password.php/>"><ScRiPt>alert(15031988)</ScRiPt>

Related

nvd 2
cve 2
exploitdb 1
cvelist 2
nvd
nvd
CVE-2006-6451
2006-12-10 21:28:00
CVE-2004-2702
2004-12-31 05:00:00
cve
cve
CVE-2006-6451
2006-12-10 21:28:00
CVE-2004-2702
2007-10-06 21:00:00
exploitdb
exploitdb
Plesk 7.5/8.0 - &#039;login_up.php3&#039; Cross-Site Scripting
2006-11-14 00:00:00
cvelist
cvelist
CVE-2006-6451
2006-12-10 21:00:00
CVE-2004-2702
2007-10-06 21:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:29017
nvd2cve2exploitdb1cvelist2