Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
htbridgeHigh-Tech BridgeHTB23166
HistoryJul 24, 2013 - 12:00 a.m.

Cross-Site Scripting (XSS) in Twilight CMS

2013-07-2400:00:00
High-Tech Bridge
www.htbridge.com
20

EPSS

0.002

Percentile

56.1%

JSON

High-Tech Bridge Security Research Lab discovered vulnerability in Twilight CMS, which can be exploited to perform Cross-Site Scripting (XSS) attacks.

  1. Cross-Site Scripting (XSS) in Twilight CMS: CVE-2013-4899
    The vulnerability exists due to insufficient filtration of user-supplied data appended to “/gallery/” URL. A remote attacker can trick a logged-in user to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.
    The exploitation example below uses JavaScript “alert()” function to display user’s cookies:
    http://[host]/gallery//%f6%22%20onmouseover%3dalert%28document.cookie%29%20/ /

Related

nvd 1
securityvulns 2
packetstorm 1
prion 1
cvelist 1
zdt 1
cve 1
nvd
nvd
CVE-2013-4899
2013-09-09 17:55:03
securityvulns
securityvulns
Cross-Site Scripting (XSS) in Twilight CMS
2013-09-09 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-09-09 00:00:00
packetstorm
packetstorm
Twilight CMS 5.17 Cross Site Scripting
2013-08-22 00:00:00
prion
prion
Cross site scripting
2013-09-09 17:55:00
cvelist
cvelist
CVE-2013-4899
2013-09-09 17:00:00
zdt
zdt
Twilight CMS 5.17 Cross Site Scripting Vulnerability
2013-08-23 00:00:00
cve
cve
CVE-2013-4899
2013-09-09 17:55:03

EPSS

0.002

Percentile

56.1%

JSON
Related for HTB23166
nvd1securityvulns2packetstorm1prion1cvelist1zdt1cve1