New eVuln Advisory: URL XSS in Easy Banner Free Summary: http://evuln.com/vulns/148/summary.html Details: http://evuln.com/vulns/148/description.html -----------Summary----------- eVuln ID: EV0148 Software: Easy Banner Free Vendor: PHP Web Scripts Version: 2009.05.18 Critical Level: low Type: Cross Site Scripting Status: Unpatched. No reply from developer(s) PoC: Available Solution: Available Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ ) --------Description-------- Site URL and Banner URL are not properly sanitized against Cross Site Scripting attacks. Vulnerable script: index.php. Parameters siteurl and urlbanner may contain XSS code. --------PoC/Exploit-------- PoC code is available at: http://evuln.com/vulns/148/exploit.html ---------Solution---------- Available at http://evuln.com/vulns/148/solution.html ----------Credit----------- Vulnerability discovered by Aliaksandr Hartsuyeu http://evuln.com/tool/web-security.html - website security tester
