fipsCMS light - vulnerable to script injection.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: fipsCMS light - vulnerable to script injection.
From: preben@xxxxxxxxxxx
Date: 14 Nov 2005 00:37:37 -0000

fipsCMS lights is a freeware product of fipsasp.com. If you log on as admin, you can generate new pages in the CMS system.

If you inject the "headline" field with scriptingcode like <script>alert(?code executed?)</script>, this will automaticly launch when a users visits that site.

Please credit to: Preben Nyløkken

Prev by Date: [SECURITY] [DSA 895-1] New uim packages fix privilege escalation
Next by Date: [ADVISORY] CISCO ASA Failover DoS Vulnerability
Previous by thread: [SECURITY] [DSA 895-1] New uim packages fix privilege escalation
Next by thread: [ADVISORY] CISCO ASA Failover DoS Vulnerability
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux