Lucene search
High-Tech Bridge SAEDB-ID:38236HistoryJan 23, 2013 - 12:00 a.m.
gpEasy CMS - 'section' Cross-Site Scripting
2013-01-2300:00:00
High-Tech Bridge SA
www.exploit-db.com
17
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/57522/info
gpEasy CMS is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
gpEasy CMS 3.5.2 and prior versions are vulnerable.
http://www.example.com//?cmd=new_section§ion=%22%3%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E Related
securityvulns
securityvulns
Cross-Site Scripting (XSS) vulnerability in gpEasy
2013-01-28 00:00:00
cvelist
cvelist
CVE-2013-0807
2014-03-28 15:00:00
htbridge
htbridge
Cross-Site Scripting (XSS) vulnerability in gpEasy
2013-01-02 00:00:00
cve
cve
CVE-2013-0807
2014-03-28 15:55:08
packetstorm
packetstorm
gpEasy 3.5.2 Cross Site Scripting
2013-01-24 00:00:00
prion
prion
Cross site scripting
2014-03-28 15:55:00
nvd
nvd
CVE-2013-0807
2014-03-28 15:55:08