Bugtraq mailing list archives

YEKTAWEB CMS XSS Vulnerability
From: faghani () nsec ir
Date: 28 Dec 2010 05:38:19 -0000

================= IUT-CERT =================

Title: YEKTAWEB CMS XSS Vulnerability

Vendor: www.yektaweb.com

Dork: Powered by Academic Web Tools ( AWT ) - Yektaweb Collection
Type: Input.Validation.Vulnerability (Cross-Site Scripting)

Fix: N/A

================== nsec.ir =================


YEKTAWEB is an academic web tool. The "browse.php" pages in this CMS are vulnerable
to XSS and link injection.

Vulnerability Variant:
XSS: "a_code" parameter of "browse.php".

http://www.example.com/browse.php?a_code=1>"><ScRiPt %0A%0D>alert(12345)%3B</ScRiPt>.


Input validation of the "a_code" parameter should be corrected.


Isfahan University of Technology - Computer Emergency Response Team

Thanks to :  N. Fathi, M. R. Faghani
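
One way the requested correction of "a_code" handling could look in PHP, as an added example that is not part of the advisory or the vendor's code. The function names, the constant and the assumed format of a_code (a short alphanumeric identifier) are hypothetical; the sample input is the advisory's a_code value, URL-decoded.

```php
<?php
declare(strict_types=1);

// Assumption: a_code is a short alphanumeric identifier (the PoC uses "1").
// The advisory does not state the real format; adjust the pattern to match it.
const A_CODE_PATTERN = '/\A[A-Za-z0-9_-]{1,32}\z/';

/** Blacklist shown for contrast: strips only literal lowercase script tags. */
function naive_filter(string $v): string
{
    return str_replace(['<script>', '</script>'], '', $v);
}

/** Allowlist validation: returns the value if well-formed, otherwise null. */
function validate_a_code($raw): ?string
{
    if (!is_string($raw)) {              // e.g. a_code[]=x arrives as an array
        return null;
    }
    return preg_match(A_CODE_PATTERN, $raw) === 1 ? $raw : null;
}

/** HTML-encode for text nodes and quoted attribute values. */
function h(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Reflect a_code into a link: URL-encode the value, then HTML-encode the attribute. */
function render_link(string $code): string
{
    $href = 'browse.php?a_code=' . rawurlencode($code);
    return '<a href="' . h($href) . '">' . h($code) . '</a>';
}

// Constructed sample inputs: a benign value and the advisory's a_code value, URL-decoded.
$samples = ['1', "1>\"><ScRiPt \n\r>alert(12345);</ScRiPt>"];

foreach ($samples as $input) {
    $code = validate_a_code($input);
    echo 'input:     ', json_encode($input, JSON_UNESCAPED_SLASHES), PHP_EOL;
    // The mixed-case tag with whitespace before ">" passes the blacklist unchanged.
    echo 'blacklist: ', json_encode(naive_filter($input), JSON_UNESCAPED_SLASHES), PHP_EOL;
    echo 'allowlist: ', $code === null ? 'rejected, respond with HTTP 400' : render_link($code), PHP_EOL;
    // Encoding on output keeps the value inert even where validation is skipped.
    echo 'encoded:   ', h($input), PHP_EOL, PHP_EOL;
}
```

Validation and output encoding are applied together here: the allowlist rejects malformed requests early, and encoding at the point of output covers every other place the value is reflected.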
