oss-sec mailing list archives

Cross site vulnerability (XSS) in OcPortal CMS 9.0.20

From: CSW Research Lab <disclose () cybersecurityworks com>
Date: Sat, 19 Dec 2015 08:47:01 +0000

Hi all

can you please assign CVE for this issue ?
http://ocportal.com/site/news/view/security_issues/security-patch-for-xss.htm?filter=1%2C2%2C3%2C29%2C30

Proof of Concept URL
***************************
[+] http://localhost/ocportal
/data/emoticons.php?field_name=post&keep_session=1
840048647&utheme=default&overlay=1/
[image: XSS on Data_emotions_browser.PNG]

Vulnerable Parameter(s):
******************************
[+]  Field_Name

Credits & Authors
--------------------
Arjun Basnet from Cyber Security Works Pvt. Ltd. (
http://cybersecurityworks.com)

Current thread:

Cross site vulnerability (XSS) in OcPortal CMS 9.0.20 CSW Research Lab (Dec 19)