CVE-2010-1111
published 2010-03-25
Priority: P417 · medium · 4.3 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.48% (70.8th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to results.php.
No detection rules found.
Exploit-DB
WebKit 1.2.x - Right-to-Left Displayed Text Handling Memory Corruption
exploitdb·2010-03-11
CVE-2010-0049 WebKit 1.2.x - Right-to-Left Displayed Text Handling Memory Corruption
---
source: https://www.securityfocus.com/bid/38689/info
WebKit is prone to a remote memory-corruption vulnerability; fixes are available.
Successful exploits may allow the attacker to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
This issue was previously documented in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it.
// 1111 13333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333
Exploit-DB
Easysitenetwork Jokes Complete Website - 'searchingred' Cross-Site Scripting
exploitdb·2010-01-18
CVE-2010-1111 Easysitenetwork Jokes Complete Website - 'searchingred' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/37852/info
EasySiteNetwork Jokes Complete Website is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/Jokes/results.php?searchingred=
Exploit-DB
Easysitenetwork Jokes Complete Website - 'id' Cross-Site Scripting
exploitdb·2010-01-18
CVE-2010-1111 Easysitenetwork Jokes Complete Website - 'id' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/37852/info
EasySiteNetwork Jokes Complete Website is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/Jokes/joke.php?id=>">alert(213771818860)%3B&listtype=1
No writeups or analysis indexed.
http://www.packetstormsecurity.com/1001-exploits/jokescomplete-xss.txt
http://www.securityfocus.com/bid/37852
https://exchange.xforce.ibmcloud.com/vulnerabilities/55761
2010-03-25
Published