Alguest 1.1c-patched Cross Site Scripting

2010-12-02T00:00:00
ID PACKETSTORM:96297
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2010-12-02T00:00:00

Description

                                        
`New eVuln Advisory:  
Multiple XSS in Alguest  
Summary: http://evuln.com/vulns/151/summary.html   
Details: http://evuln.com/vulns/151/description.html   
  
-----------Summary-----------  
eVuln ID: EV0151  
Software: Alguest  
Vendor: n/a  
Version: 1.1c-patched  
Critical Level: low  
Type: Cross Site Scripting  
Status: Unpatched. No reply from developer(s)  
PoC: Available  
Solution: Not available  
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )  
--------Description--------  
The user-defined parameters nome, messaggio and link are not sanitized.  
Arbitrary XSS injection is possible.  
Vulnerable script: index.php.  
--------PoC/Exploit--------  
XSS injection examples  
  
No input data is sanitized.  
  
Nick: <XSS inj>  
  
Message: <XSS inj>  
  
Homepage: javascript:<XSS inj>  
---------Solution----------  
Not available  
----------Credit-----------  
Vulnerability discovered by Aliaksandr Hartsuyeu  
`
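
The advisory lists no fix. As an added example (not Alguest code and not part of the advisory), the PHP below shows the output handling the three fields need: HTML encoding for nome and messaggio, and a scheme allow-list for link, because encoding alone does not stop a `javascript:` URL in an href. The function names and the HTML layout are assumptions.

```php
<?php
// Added example: hardened output handling for the three guestbook fields
// named in the advisory. Function names are hypothetical, not Alguest code.

// HTML-encode text for element content or a quoted attribute value.
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return the URL only if it is a syntactically valid http(s) URL, else null.
// The scheme is checked against an allow-list so "javascript:" and other
// script-capable schemes never reach an href attribute.
function safe_homepage(string $url): ?string
{
    $url = trim($url);
    if ($url === '' || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Render one guestbook entry from untrusted request input.
function render_entry(array $in): string
{
    $nome      = esc_html((string) ($in['nome'] ?? ''));
    $messaggio = nl2br(esc_html((string) ($in['messaggio'] ?? '')));
    $link      = safe_homepage((string) ($in['link'] ?? ''));

    // A rejected link is dropped and the name is shown as plain text.
    $author = $link === null
        ? $nome
        : '<a href="' . esc_html($link) . '" rel="nofollow noopener">' . $nome . '</a>';

    return "<div class=\"entry\"><b>{$author}</b><p>{$messaggio}</p></div>\n";
}

// Constructed sample input (harmless markers, not taken from the advisory).
$sample = [
    'nome'      => '<b>visitor</b>',
    'messaggio' => "line one\n<i>line two</i>",
    'link'      => 'javascript:void(0)',
];
echo render_entry($sample);
```

With the sample input the markup in nome and messaggio is rendered as literal text and the link is dropped, so the entry contains no anchor element.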