Lucene search
Tim BrownEDB-ID:30801HistoryNov 23, 2007 - 12:00 a.m.
Bandersnatch 0.4 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
2007-11-2300:00:00
Tim Brown
www.exploit-db.com
16
source: https://www.securityfocus.com/bid/26553/info
Bandersnatch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Bandersnatch 0.4 is vulnerable; other versions may also be affected.
http://www.example.com/path/to/index.php?func=[injectionpoint]
http://www.example.com/path/to/index.php?date=[injectionpoint]
http://www.example.com/path/to/index.php?func=log&jid=[injectionpoint]
http://www.example.com/path/to/index.php?func=user&jid=[injectionpoint] Related
ubuntucve
ubuntucve
CVE-2007-6001
2007-11-15 00:00:00
cve
cve
CVE-2007-6001
2007-11-15 22:46:00
cvelist
cvelist
CVE-2007-6001
2007-11-15 22:00:00
prion
prion
Cross site scripting
2007-11-15 22:46:00
nvd
nvd
CVE-2007-6001
2007-11-15 22:46:00