[eVuln.com] URL and Title XSS in AxsLinks

Type securityvulns
Reporter Securityvulns
Modified 2010-11-24T00:00:00


New eVuln Advisory: URL and Title XSS in AxsLinks http://evuln.com/vulns/139/summary.html

-----------Summary----------- eVuln ID: EV0139 Software: AxsLinks Vendor: AXScripts Version: 0.3 Critical Level: medium Type: Cross Site Scripting Status: Unpatched. No reply from developer(s) PoC: Not available Not available Solution: Available Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ ) --------Description-------- User-defined parameters "url" and "title" (script "addlink.php") are not properly sanitized. XSS is possibl. --------PoC/Exploit-------- Will be available soon at http://evuln.com/vulns/139/exploit.html ---------Solution---------- Available at http://evuln.com/vulns/139/solution.html ----------Credit----------- Vulnerability discovered by Aliaksandr Hartsuyeu http://evuln.com/tool/php-security.html - PHP sources Online Analyzer