CVE-2017-7390

A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/template/pw_forgot.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:socialnetwork_project:socialnetwork:1.2.1:*:*:*:*:*:*:*

Information

Published : 2017-03-31 19:59

Updated : 2017-04-04 18:59


NVD link : CVE-2017-7390

Mitre link : CVE-2017-7390


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

socialnetwork_project

  • socialnetwork