www.eVuln.com : "link" and "linkdescription" XSS in Social Share

From: bt@evuln.com
To: bugtraq@securityfocus.com
Subject: www.eVuln.com : "link" and "linkdescription" XSS in Social Share

www.eVuln.com advisory:
"link" and "linkdescription" XSS in Social Share
Summary: http://evuln.com/vulns/165/summary.html 
Details: http://evuln.com/vulns/165/description.html 

eVuln ID: EV0165
Software: Social Share
Vendor: n/a
Version: 2010-06-05
Critical Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )

It is possible to inject xss code into "link" and "linkdescription" parameters in processPost.php script.
Parameters "link" and "linkdescription" are not properly sanitized before being used in HTML code.

PoC code is available at:

Not available

Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/penetration-test.html - penetration testing service

Copyright © 1995-2018 LinuxRocket.net. All rights reserved.