www.eVuln.com : "title","url" - Non-persistent XSS in Social Share

From: bt@evuln.com
To: bugtraq@securityfocus.com
Subject: www.eVuln.com : "title","url" - Non-persistent XSS in Social Share

www.eVuln.com advisory:
"title" and "url" - Non-persistent XSS in Social Share
Summary: http://evuln.com/vulns/164/summary.html 
Details: http://evuln.com/vulns/164/description.html 

eVuln ID: EV0164
Software: Social Share
Vendor: n/a
Version: 2010-06-05
Critical Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )

It is possible to inject XSS code into the "title" and "url" parameters of the save.php script.
The "title" and "url" parameters are not properly sanitized before being used in HTML code.
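
One way to handle these two parameters safely, shown as an added example that is not Social Share's code and is not part of the advisory. The functions h(), safe_http_url() and render_share_link() are hypothetical, and the link markup is an assumption because the advisory does not show how save.php uses the values.

```php
<?php
declare(strict_types=1);

// Added example, not Social Share's code. All function names are hypothetical;
// the advisory does not show the markup that save.php actually emits.

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the URL only if it is an absolute http(s) URL, else null. */
function safe_http_url(string $url): ?string
{
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // Encoding alone does not make an href safe: the scheme must be allowlisted.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/** Build the link markup from the "title" and "url" request parameters. */
function render_share_link(string $title, string $url): string
{
    $safeUrl = safe_http_url($url);
    if ($safeUrl === null) {
        // Reject instead of echoing an unvalidated URL back to the client.
        return '<p>Invalid URL.</p>';
    }
    return '<a href="' . h($safeUrl) . '" rel="noopener noreferrer">'
        . h($title) . '</a>';
}

// Constructed sample values standing in for the "title" and "url" parameters.
$samples = [
    ['Release notes', 'https://example.com/notes?id=1&lang=en'],
    ['<b>markup in title</b>', 'https://example.com/'],
    ['Non-http scheme', 'ftp://example.com/file.txt'],
];
foreach ($samples as [$title, $url]) {
    echo render_share_link($title, $url), PHP_EOL;
}
```

The second sample comes out with the title's angle brackets encoded as entities, and the third is rejected by the scheme allowlist even though it is a syntactically valid URL.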

PoC code is available at:

Not available

Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/code-analysis.html - source code review service
