4 matches found
CVE-2014-8469
CVE-2014-8469 is a stored XSS in PHPFox (Moxi9) before 4 Beta, exploitable via the User-Agent header in AdminCP’s Guests/Boots. The issue arises from manipulating the user_agent field, enabling remote script/html injection. Public records show an exploit exists (PHPFox XSS AdminCP) and the vendor...
CVE-2014-8469
Cross-site scripting XSS vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header...
PHPFox - Persistent Cross-Site Scripting
Exploit Title: PHPFox XSS AdminCP Date: 2014-10-22 Exploit Author: Wesley Henrique Leite aka "spyk2r" Vendor Homepage: http://www.moxi9.com Version: All version CVE : CVE-2014-8469 Response Vendor: fixed 2014-10-23 to v4 Beta + DESCRIPTION The system stores all urls accessed in a database table,...
PHPFox - Persistent Cross-Site Scripting
PHPFox - Persistent Cross-Site Scripting Exploit Title: PHPFox XSS AdminCP Date: 2014-10-22 Exploit Author: Wesley Henrique Leite aka "spyk2r" Vendor Homepage: http://www.moxi9.com Version: All version CVE : CVE-2014-8469 Response Vendor: fixed 2014-10-23 to v4 Beta + DESCRIPTION The system store...