Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

new vuln in snewscms.net.ru in lang file

From: info () medconsultation ru
Date: 8 Oct 2007 11:07:08 -0000
New Advisory:
 Snewscms Rus
 http://www.medconsultation.ru

--------------------Summary----------------
 Software: SnewsCMS Rus v. 2.1
 Sowtware's Web Site: http://www.snewscms.net.ru
 Versions: 2.1
 Critical Level: Moderate
 Type: XSS
 Class: Remote
 Status: Unpatched
 PoC/Exploit: Not Available
 Solution: Not Available
 Discovered by: http://medconsultation.ru

-----------------Description---------------
 1. XSS.

Vulnerable script: news_page.php

Parameters 'page_id' is not
 properly sanitized before being used in HTML tags. http://target.com/news_page.php?page_id=";><h1>XSS</h1>

--------------PoC/Exploit----------------------
 Waiting for developer(s) reply.

--------------Solution---------------------
 No Patch available.

--------------Credit-----------------------
 Discovered by: http://www.medconsultation.ru
Previous By Date Next
Previous By Thread Next

Current thread: