HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities
-----------------------------------------------------
Advisory id: FSA:017
Author: Federico Fazzi
Date: 15/06/2006, 20:31
Sinthesis: HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities
Type: low
Product: http://hotplugcms.com/
Patch: unavailable
-----------------------------------------------------
1) Description:
Error occured in login1.php:
2) Proof of concept:
http://example/[hpc_path]/administration/tblcontent/login1.php?msg=[xss]
3) Solution:
echo "messages";