new vuln in snewscms.net.ru in lang file Oct 08 2007 11:07AM
info medconsultation ru
New Advisory:

Snewscms Rus

http://www.medconsultation.ru

--------------------Summary----------------

Software: SnewsCMS Rus v. 2.1

Sowtware's Web Site: http://www.snewscms.net.ru

Versions: 2.1

Critical Level: Moderate

Type: XSS

Class: Remote

Status: Unpatched

PoC/Exploit: Not Available

Solution: Not Available

Discovered by: http://medconsultation.ru

-----------------Description---------------

1. XSS.

Vulnerable script: news_page.php

Parameters 'page_id' is not

properly sanitized before being used in HTML tags. http://target.com/news_page.php?page_id="><h1>XSS</h1>

--------------PoC/Exploit----------------------

Waiting for developer(s) reply.

--------------Solution---------------------

No Patch available.

--------------Credit-----------------------

Discovered by: http://www.medconsultation.ru

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus