Family Connections version 2.7.2 suffers from multiple cross site scripting vulnerabilities.
5708038703eff558aa29a3d2220a11ecb77fc62d8c334b6ac861c31ef959d82f# Exploit Title: Family Connections 2.7.2 Multiple XSS
# Date: 01/14/12
# Author: G13
# CVE: 2012-0699
# Software Link: https://sourceforge.net/projects/fam-connections/
# Version: 2.7.2
# Category: webapps (php)
# Google dork: "powered by Family Connections"
##### Vulnerability #####
Family Connections 2.7.2 has multiple XSS vulnerabilities. These
exsist in the prayers and news sections.
For familynews.php the 'post' variable is vulnerable.
For prays.php the 'for' variable is vulnerable.
##### Vendor Notification #####
01/14/12 - Vendor Notified
##### Affected Variables #####
post=[XSS]
for=[XSS]
##### Exploit #####
The script can be added right in the page, there is no filtering of
input.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed