{"lastseen": "2020-04-01T19:04:49", "references": [], "description": "\nSpitfire 1.0.381 - Cross-Site Scripting Cross-Site Request Forgery", "edition": 1, "reporter": "Nijel the Destroyer", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2010-07-15T00:00:00", "title": "Spitfire 1.0.381 - Cross-Site Scripting Cross-Site Request Forgery", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:04:49", "rev": 2}, "score": {"value": 0.6, "vector": "NONE", "modified": "2020-04-01T19:04:49", "rev": 2}, "vulnersScore": 0.6}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2010-07-15T00:00:00", "id": "EXPLOITPACK:9B7C993772CFC01B5D8AC60F975DAEBC", "href": "", "viewCount": 1, "sourceData": "source: https://www.securityfocus.com/bid/41701/info\n\nSpitfire is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability.\n\nAn attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Other attacks may also be possible.\n\nSpitfire 1.0.381 is vulnerable; other versions may also be affected. \n\nhttp://www.example.com/cont_index.php?cms_id=PAGE_ID&search=1\"><script>alert(document.cookie)</script>", "cvss": {"score": 0.0, "vector": "NONE"}}

{}