w-CMS HTML Injection and Local File Include Vulnerabilities

w-CMS is prone to multiple HTML-injection vulnerabilities and a local file-include vulnerability.

Exploiting these issues could allow an attacker to execute arbitrary HTML and script code in the context of the affected browser, steal cookie-based authentication credentials, and execute arbitrary local scripts in the context of the webserver process. Other attacks are also possible.

w-CMS 2.0.1 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus