, , , , , , , , , , , , , , , , , , ,

computer pitch


Webs ID Reflected XSS (Cross-site Scripting) Security Vulnerabilities

Exploit Title: Webs ID /login.jsp &error Parameter Reflected XSS (Cross-site Scripting) Security

Vendor: Webs, Inc

Product: Webs ID

Vulnerable Versions:

Tested Version:

Advisory Publication: April 02, 2015

Latest Update: April 02, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Writer and Reporter: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Proposition Details:

(1) Vendor & Product Description:


Webs, Inc

Product & Vulnerable Versions:

Webs ID

Vendor URL & download:

Webs ID can be obtained from here,



Terms of Service Overview:

” The services offered by Webs, Inc. (“Webs” or “us” or “we” or “our”) include the websites at http://www.webs.com and http://www.freewebs.com as well as any other related websites, toolbars, widgets, or other distribution channels we may, from time to…

View original post 485 more words