Cross site scripting in VFront v0.99.5
Cross site scripting in VFront v0.99.5 Heading link
Multiple cross site scripting vulnerabilities are present in VFront 0.99.5. The following is detailed information about these vulnerabilities:
file: search_all.php line: 104 exploit: http://localhost/vfront-0.99.51/search_all.php?s=%22alert(1); file: add.attach.php line: 351 exploit: http://localhost/vfront-0.99.51/add.attach.php?feed=ko&id=1&t=tabella&msg=alert(1); Notes: the parameter 't' must be the name of an existing table inside the database managed by vfront.
Above vulnerabilities are published at CVE-2021-39420
This vulnerability was detected as part of the DARPA CHESS program