Description
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action. NOTE: some of these details are obtained from third party information.
Exploits (1)
References (6)
Core 6
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/14354
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/66279
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/41576
Exploit x_refsource_misc
http://packetstormsecurity.org/1007-exploits/ajarticle-xss.txt
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40560
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/60357
Scores
EPSS
0.0569
EPSS Percentile
90.4%
Details
CWE
CWE-79
Status
published
Products (1)
ajsquare/aj_article
3.0
Published
Jul 30, 2010
Tracked Since
Feb 18, 2026