• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PluggedOut Nexus Search Script Input Validation Vulnerabilities

PluggedOut Nexus is prone to multiple input validation vulnerabilities. These issues could permit HTML injection and SQL injection attacks.

In the case of the HTML injection vulnerabilities, these issues could let a remote attacker execute hostile HTML and script code in the browser session of a user of the affected site. This could permit attackers to steal cookie-based authentication credentials. Other attacks are also possible.

The SQL injection vulnerabilities could permit an attacker to influence the structure and logic of SQL queries made by the application. This could be exploited to compromise the application or gain unauthorized database access.