Full Disclosure mailing list archives
CVE Request: Fiyo CMS 2.0.6.1 - Multiple XSS Vulnerabilities
From: Himanshu Mehta <mehta.himanshu21 () gmail com>
Date: Mon, 29 Feb 2016 11:33:19 +0530
*1. Introduction* Affected Product: Fiyo CMS 2.0.6.1 Fixed in: 2.0.6.2 Vendor Website: http://www.fiyo.org/ Vulnerability Type: XSS Remote Exploitable: Yes *2. Overview* There are multiple XSS vulnerabilities in Fiyo CMS 2.0.6.1. The vulnerabilities exist due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in browser in context of the vulnerable application. *3. Affected Modules* Affected fields in the modules are listed below: i. Module: Dashboard->Users ->User List Section: User Group Field: Group Name ii. Module: Dashboard->Users->New User Section: Login Data Field: Nama Lengkap *4. Payload* <script>alert('XSS')</script> *5. Credit* Himanshu Mehta mehta.himanshu21 () gmail com _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- CVE Request: Fiyo CMS 2.0.6.1 - Multiple XSS Vulnerabilities Himanshu Mehta (Mar 03)