[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

fipsCMS light - vulnerable to script injection.

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: fipsCMS light - vulnerable to script injection.
From: preben@xxxxxxxxxxx
Date: 14 Nov 2005 00:37:37 -0000

fipsCMS lights is a freeware product of fipsasp.com. If you log on as admin, 
you can generate new pages in the CMS system.

If you inject the "headline" field with scriptingcode like <script>alert(?code 
executed?)</script>, this will automaticly launch when a users visits that site.

Please credit to: Preben Nyløkken

Prev by Date: [SECURITY] [DSA 895-1] New uim packages fix privilege escalation
Next by Date: Advisory 22/2005: Multiple vulnerabilities in phpSysInfo
Previous by thread: [SECURITY] [DSA 895-1] New uim packages fix privilege escalation
Next by thread: Advisory 22/2005: Multiple vulnerabilities in phpSysInfo
Index(es):
- Date
- Thread