BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
XSS - CMS Made Simple v1.0.2 Dec 25 2006 09:13PM
Curtis Zimmerman (curtis zimmerman gmail com)
Product: CMS Made Simple v1.0.2
Class: XSS
Website: http://www.cmsmadesimple.org
Found by: L0j1k of D.I.E. Inc.
Googledork: "powered by cms made simple"
-=-=-=-=-
- Summary:

Optional user comment module not properly sanitized for <script> tags.
-=-=-=-=-
- PoC:

Input the following into user commen...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus