CMS iCAT suffers from a cross-site scripting vulnerability.
4142a14039d875db3d4ba2aa458084220881ad8db02fefecb3781d62981f9bd0
# Cross Site Scripting on CMS iCAT
# Risk: Low
# CWE number: CWE-79
# Date: 15/04/2014
# Author: Felipe " Renzi " Gabriel
# Contact: renzi@linuxmail.org
# Tested on Windows 8 pro
# Vulnerable File: /index.php
# Exploit: http://host/index.php?seite=[xss]
# PoC:
- Target: partner.ruegg-cheminee.com
- Vuln. File: /index.php?seite=
- Exploit: "><marquee>Vulnerable</marquee>
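
An added example, not part of the original advisory and not iCAT's code: it assumes the `seite` value is reflected into a double-quoted HTML attribute (suggested by the leading `">` in the PoC string) and shows that HTML-encoding the value on output keeps the parser from seeing a new element. The template, the allowlist pattern and the `home` default are assumptions; in the PHP application the corresponding output-encoding call is `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`.

```python
import html
import re
from html.parser import HTMLParser

# Assumed template: the advisory does not show iCAT's markup. The leading `">`
# in the PoC suggests the value lands inside a double-quoted attribute.
TEMPLATE = '<input type="hidden" name="seite" value="{value}">'

# Hypothetical allowlist for page identifiers (letters, digits, _ and -).
SAFE_SEITE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def render_unescaped(seite):
    """Behaviour the advisory describes: raw parameter copied into the page."""
    return TEMPLATE.format(value=seite)


def render_escaped(seite):
    """Output encoding for HTML context: &, <, > and both quote characters."""
    return TEMPLATE.format(value=html.escape(seite, quote=True))


def validate_seite(seite, default="home"):
    """Second layer: values outside the allowlist fall back to a default page."""
    return seite if SAFE_SEITE.fullmatch(seite) else default


class TagCollector(HTMLParser):
    """Records every start tag the HTML parser recognises in the markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def parsed_tags(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    poc = '"><marquee>Vulnerable</marquee>'  # string taken from the advisory
    print("unescaped:", parsed_tags(render_unescaped(poc)))
    print("escaped:  ", parsed_tags(render_escaped(poc)))
    print("validated:", validate_seite(poc))
```

Encoding on output is the primary fix; the allowlist only narrows what reaches the template and does not replace it.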