The Norwegian web-publishing system EasyCMS (www.easycms.no) contains multiple input flaws letting users conduct successful XSS attacks. Both in the admin section, and the webpage that uses the system is vulnerable to XSS.

It does not filter script tags and simple scripting like <script>alert(?XSS?...

[ more ]