----------------------------------------------------- Advisory id: FSA:017 Author: Federico Fazzi Date: 15/06/2006, 20:31 Sinthesis: HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities Type: low Product: http://hotplugcms.com/ Patch: unavailable ----------------------------------------------------- 1) Description: Error occured in login1.php: 2) Proof of concept: http://example/[hpc_path]/administration/tblcontent/login1.php?msg=[xss] 3) Solution: echo "messages";
