Securityvulns: SECURITYVULNS:DOC:27580
Jan 21, 2012 - 12:00 a.m.

Family Connections 2.7.2 Multiple XSS

Exploit Title: Family Connections 2.7.2 Multiple XSS

Date: 01/14/12

Author: G13

CVE: 2012-0699

Software Link: https://sourceforge.net/projects/fam-connections/

Version: 2.7.2

Category: webapps (php)

Google dork: "powered by Family Connections"

Vulnerability

Family Connections 2.7.2 has multiple XSS vulnerabilities. These
exist in the prayers and news sections.

For familynews.php the 'post' variable is vulnerable.

For prays.php the 'for' variable is vulnerable.

Vendor Notification

01/14/12 - Vendor Notified

Affected Variables

post=[XSS]
for=[XSS]

Exploit

The script can be added right in the page; there is no filtering of
input.
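
The missing control is output encoding of the 'post' and 'for' values at the point where they are written into HTML. The following is an added example, not Family Connections code and not part of the original advisory; `param_string()`, `e()`, `render_unencoded()`, `render_encoded()` and the sample `$request` array are hypothetical names and constructed data used only for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: read a request parameter as a plain string.
// Array-valued input (e.g. post[]=x) is rejected rather than cast to "Array".
function param_string(array $request, string $name): string
{
    $value = $request[$name] ?? '';
    return is_string($value) ? $value : '';
}

// Encode for HTML element content and for quoted attribute values.
// ENT_QUOTES covers both quote characters; ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Behaviour the advisory describes: values written to the page unfiltered.
function render_unencoded(string $post, string $for): string
{
    return '<p>' . $post . '</p><input name="for" value="' . $for . '">';
}

// Same markup with every dynamic value encoded at output time.
function render_encoded(string $post, string $for): string
{
    return '<p>' . e($post) . '</p><input name="for" value="' . e($for) . '">';
}

// Constructed sample input standing in for the submitted form fields.
$request = [
    'post' => '<script>alert(1)</script>',
    'for'  => '"><b>injected</b>',
];
$post = param_string($request, 'post');
$for  = param_string($request, 'for');

$unencoded = render_unencoded($post, $for);
$encoded   = render_encoded($post, $for);

// Self-check: the unencoded page carries live markup, the encoded one does not.
if (strpos($unencoded, '<script>') === false || strpos($encoded, '<script>') !== false
    || strpos($encoded, '<b>') !== false) {
    throw new RuntimeException('encoding check failed');
}
echo $encoded, PHP_EOL;
```

Encoding belongs at every place a stored or submitted value is echoed, since news and prayer entries are displayed to other users after they are saved.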