Advisory ID: HTB22457 (High-Tech Bridge)
Published: Jun 21, 2010

Cross-site Scripting (XSS) Vulnerability in osCSS

High-Tech Bridge
www.htbridge.com

EPSS: 0.008 (percentile: 81.2%)

High-Tech Bridge SA Security Research Lab has discovered a vulnerability in osCSS which could be exploited to perform cross-site scripting attacks.

  1. Cross-site scripting (XSS) vulnerability in osCSS: CVE-2010-2856
    The vulnerability exists due to an input sanitization error in the “page” parameter in admin/currencies.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. Successful exploitation requires that the victim has access to the administrative interface.
    Exploitation example:
    http://example.com/admin/currencies.php?page=1"><script>alert(document.cookie)</script>&cID=1
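
One way to look for attempts against this issue in web server logs, as an added example that is not part of the original advisory: flag requests to admin/currencies.php whose decoded “page” value is not a plain integer. The log lines are constructed samples; the function names, the combined log format, and the assumption that “page” is normally numeric (as in the advisory's page=1) are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Jun/2010:10:00:01 +0000] '
    '"GET /admin/currencies.php?page=2&cID=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [21/Jun/2010:10:00:07 +0000] '
    '"GET /admin/currencies.php?page=1%22%3E%3Cscript%3Ealert'
    '(document.cookie)%3C/script%3E&cID=1 HTTP/1.1" 200 5301',
    '203.0.113.5 - - [21/Jun/2010:10:00:09 +0000] '
    '"GET /admin/currencies.php?cID=3 HTTP/1.1" 200 5000',
    '203.0.113.7 - - [21/Jun/2010:10:00:12 +0000] '
    '"GET /index.php?page=about HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_SCRIPT = "/admin/currencies.php"   # script named in the advisory
PLAIN_INT = re.compile(r"[0-9]+")         # assumed shape of a benign "page"


def suspicious_page_values(line):
    """Return non-integer 'page' values sent to admin/currencies.php."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    # endswith() also covers installs below a sub-directory, e.g. /shop/admin/...
    if not url.path.endswith(TARGET_SCRIPT):
        return []
    # parse_qsl percent-decodes, so encoded markup is checked in decoded form.
    return [value for key, value in parse_qsl(url.query)
            if key == "page" and not PLAIN_INT.fullmatch(value)]


def scan(lines):
    """Return (client_ip, page_value) for every suspicious request."""
    hits = []
    for line in lines:
        for value in suspicious_page_values(line):
            hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} sent non-numeric page value: {value!r}")
```

A hit shows only that a crafted link was requested; since exploitation requires a victim with administrative access, check whether the request came from an authenticated administrator session.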
