SecPod Research Team member (Antu Sanadi) has found Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities in ArticleSetup. The vulnerability is caused by improper validation of various parameters in multiple pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

More information can be found here.

Welcome any feedback or suggestion.

Cheers!
SecPod Research Team

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>