| New User, Welcome! Login |
Elkapax CMS Cross site scripting vulnerability
| From: |
faghani nsec ir |
| To: |
bugtraq securityfocus com |
| Cc: |
|
| Subject: |
Elkapax CMS Cross site scripting vulnerability |
| Date: |
Wed - Aug 12, 2009 11:19 PM |
================= IUT-CERT =================
Title: Elkapax CMS Multiple Vulnerabilities
Vendor: www.elkapax.com
Type: Input.Validation.Vulnerability (Cross Site Scripting)
Fix: N/A
================== nsec.ir =================
Description:
------------------
Elkapax is a CMS producer in Iran. Search page in Elkapax CMS
product are vulnerable to XSS vulnerability.
Vulnerability Variant:
------------------
Cross Site Scripting vulnerability in Search page in "q" parameter.
http://example.com/?q=<script>alert(123)</script>&mode=2
Solution:
------------------
Input validation of Parameter "q" should be corrected.
Credit:
------------------
Isfahan University of Technology - Computer Emergency Response Team
Thanks to : N. Fathi, E. Jafari, M. R. Faghani
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
