F*EX 20100208/20111129-2 - Multiple Cross-Site Scripting Vulnerabilities
| EKU-ID: 41378 | CVE: CVE-2012-0869;OSVDB-79420 | OSVDB-ID: |
| Author: muuratsalo | Published: 2012-02-20 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 41378 | CVE: CVE-2012-0869;OSVDB-79420 | OSVDB-ID: |
| Author: muuratsalo | Published: 2012-02-20 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/52085/info F*EX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials. Other attacks are also possible. http://www.example.com/fup [id parameter] http://www.example.com/fup [to parameter] http://www.example.com/fup [from parameter]