Home page logo
/

bugtraq logo Bugtraq mailing list archives

new vuln in snewscms.net.ru in lang file
From: info () medconsultation ru
Date: 8 Oct 2007 11:07:08 -0000

New Advisory:
 Snewscms Rus
 http://www.medconsultation.ru

--------------------Summary----------------
 Software: SnewsCMS Rus v. 2.1
 Sowtware's Web Site: http://www.snewscms.net.ru
 Versions: 2.1
 Critical Level: Moderate
 Type: XSS
 Class: Remote
 Status: Unpatched
 PoC/Exploit: Not Available
 Solution: Not Available
 Discovered by: http://medconsultation.ru

-----------------Description---------------
 1. XSS.

Vulnerable script: news_page.php

Parameters 'page_id' is not
 properly sanitized before being used in HTML tags. http://target.com/news_page.php?page_id=";><h1>XSS</h1>

--------------PoC/Exploit----------------------
 Waiting for developer(s) reply.

--------------Solution---------------------
 No Patch available.

--------------Credit-----------------------
 Discovered by: http://www.medconsultation.ru


  By Date           By Thread  

Current thread:
  • new vuln in snewscms.net.ru in lang file info (Oct 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault