Multiple cross site scripting vulnerabilities exist in Citypost software. Affected pieces are: Simple PHP Upload, Simple Image Editor, and Automated Link Exchange.
fb7666c663354613b4b8758c291e5c64af03667f9d222b7d29c22120c7a0703f
sNKenjoi's Security Advisory: XSS Vunerabilities in Multiple CityPost Software
Security Advisory: XSS Vunerabilities in Multiple CityPost Software
Severity: Medium
Title: XSS Vunerabilities in Simple PHP Upload, Simple Image Editor
and Automated Link Exchange
Vendor: Allen Kim
Vendor Website: http://tech.citypost.ca/
Proof of Concept Exploits:
Simple PHP Upload - XSS
http://localhost/simple-upload-53.php?message=[XSS]
Simple Image Editor - XSS's in 5 seperate places
http://localhost/image-editor-52/?m1=[XSS]&m2=[XSS]&m3=[XSS]&imgsrc=[XSS]&m4=[XSS]
Automated Link Exchange - XSS
http://localhost/lnkx/message.php?msg=[XSS]
snkenjoi.com & zone-h.org
snkenjoi@gmail.com
--
snkenjoi.com