Vulners
Lucene search
WEBIGniter v28.7.23 - Stored XSS Vulnerability
## Title: WEBIGniter v28.7.23 XSS
## Author: RedTeamer IT Security, Mesut Cetin
## Vendor: https://webigniter.net/
## Software: https://webigniter.net/demo
## Reference: https://portswigger.net/web-security/cross-site-scripting/stored
## Description:
During the user creation process, the 'your_name' parameter fails to adequately validate user input, rendering the system vulnerable to reflected cross-site scripting (XSS) attacks.
## PoC
To exploit this vulnerability, an attacker can inject malicious JavaScript code into the "your_name" parameter under https://webigniter.net/create-account during the user creation process. This code, when embedded within an image tag like this: <img src onerror="prompt(8)">, can be executed when the user navigates to the "users" page under their profile.
## Mitigation
To mitigate this risk, the "your_name" parameter should be subjected to rigorous input validation and encoding to ensure that all user input is sanitized and rendered harmless.
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Mar 2024 00:00Current
7.4High risk
Vulners AI Score7.4