Lucene search
Amol NaikEDB-ID:33300HistoryOct 21, 2009 - 12:00 a.m.
OpenDocMan 1.2.5 - 'department.php' Cross-Site Scripting
2009-10-2100:00:00
Amol Naik
www.exploit-db.com
10
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/36777/info
OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
OpenDocMan 1.2.5 is vulnerable; other versions may also be affected.
http://www.example.com/opendocman/department.php/"><script>alert(1)</script><"?aku=c3VibWl0PXNob3dwaWNrJnN0YXRlPTI=Related
exploitdb
exploitdb
OpenDocMan 1.2.5 - 'search.php' Cross-Site Scripting
2009-10-21 00:00:00
OpenDocMan 1.2.5 - 'index.php?last_message' Cross-Site Scripting
2009-10-21 00:00:00
OpenDocMan 1.2.5 - 'category.php' Cross-Site Scripting
2009-10-21 00:00:00
cve
cve
CVE-2009-3789
2009-10-26 17:30:00
cvelist
cvelist
CVE-2009-3789
2009-10-26 17:00:00
nvd
nvd
CVE-2009-3789
2009-10-26 17:30:00
prion
prion
Cross site scripting
2009-10-26 17:30:00
openvas
openvas
OpenDocMan Multiple XSS and SQL Injection Vulnerabilities
2009-10-29 00:00:00
OpenDocMan Multiple XSS and SQL Injection Vulnerabilities
2009-10-29 00:00:00