Lucene search
G13PACKETSTORM:108707HistoryJan 16, 2012 - 12:00 a.m.
Family Connections 2.7.2 Cross Site Scripting
2012-01-1600:00:00
G13
packetstormsecurity.com
17
0.002 Low
EPSS
Percentile
53.1%
`# Exploit Title: Family Connections 2.7.2 Multiple XSS
# Date: 01/14/12
# Author: G13
# CVE: 2012-0699
# Software Link: https://sourceforge.net/projects/fam-connections/
# Version: 2.7.2
# Category: webapps (php)
# Google dork: "powered by Family Connections"
##### Vulnerability #####
Family Connections 2.7.2 has multiple XSS vulnerabilities. These
exsist in the prayers and news sections.
For familynews.php the 'post' variable is vulnerable.
For prays.php the 'for' variable is vulnerable.
##### Vendor Notification #####
01/14/12 - Vendor Notified
##### Affected Variables #####
post=[XSS]
for=[XSS]
##### Exploit #####
The script can be added right in the page, there is no filtering of
input.
`
Related
cve
cve
CVE-2012-0699
2018-01-11 20:29:00
nvd
nvd
CVE-2012-0699
2018-01-11 20:29:00
prion
prion
Cross site request forgery (csrf)
2018-01-11 20:29:00
cvelist
cvelist
CVE-2012-0699
2018-01-11 20:00:00