Caravel CMS Multiple Cross-Site Scripting Vulnerabilities

No exploit is required.

Proof of concept examples are available:

http://www.example.com/Introduction?&CB=CB1&fileDN=[XSS]

http://www.example.com/Community/News?&CB=CB1&fileDN=[XSS]

http://www.example.com/Community/News?&CB=CB1&fileDN=mnF%3Djune2005.html%2CmnOD%3DNewsletter%2CmnOD%3DMy%20Documents%2Cdc%3Demanuel%2Cdc%3Dmennonite%2Cdc%3Dnet&folderviewer_attrs=[XSS]

http://www.example.com/Introduction?&CB=CB1&fileDN=mnF%3D2.3.html%2CmnOD%3DNews%2CmnOD%3DMy%20Documents%2Cdc%3Demanuel%2Cdc%3Dmennonite%2Cdc%3Dnet&folderviewer_attrs=[XSS]

Copyright 2010, SecurityFocus