HotPlugCMS version 1.0 is susceptible to a cross site scripting flaw.
23c7138c7a38ad5a3ac8ab444cab9e0365e9c8ab9c894592e8b50bc8a813cd28
-----------------------------------------------------
Advisory id: FSA:017
Author: Federico Fazzi
Date: 15/06/2006, 20:31
Sinthesis: HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities
Type: low
Product: http://hotplugcms.com/
Patch: unavailable
-----------------------------------------------------
1) Description:
Error occured in login1.php:
2) Proof of concept:
http://example/[hpc_path]/administration/tblcontent/login1.php?msg=[xss]
3) Solution:
echo "messages";