[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Contensis CMS XSS vunerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Contensis CMS XSS vunerability
From: smigofthedump@xxxxxxxxx
Date: 9 Jun 2006 07:53:34 -0000

Hello,

I have discovered a XSS vunerability in the Contensis
CMS. 

Input passed to the "search" parameter when performing
a search and various fields when using the search isn't properly sanitised ...

The vendors own site was tested in Windows Internet Explorer - the search 
funstion did not work at all in my versions of Safari or Firefox:
http://www.contensis.net

Code example: <script>alert('hello world');</script>


thanks
smigoftheDump

Prev by Date: PHP-Nuke Download Module Remote SQL Injection
Next by Date: [USN-288-3] PostgreSQL client vulnerabilities
Previous by thread: PHP-Nuke Download Module Remote SQL Injection
Next by thread: [USN-288-3] PostgreSQL client vulnerabilities
Index(es):
- Date
- Thread