Description
Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to results.php.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by indoushka · textwebappsphp
https://www.exploit-db.com/exploits/33546
exploitdb
WORKING POC
VERIFIED
by indoushka · textwebappsphp
https://www.exploit-db.com/exploits/33545
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55761
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37852
Exploit x_refsource_misc
http://www.packetstormsecurity.com/1001-exploits/jokescomplete-xss.txt
Scores
EPSS
0.0071
EPSS Percentile
72.2%
Details
CWE
CWE-79
Status
published
Products (1)
easysitenetwork/jokes_complete_website
Published
Mar 25, 2010
Tracked Since
Feb 18, 2026