SnewsCMS Rus version 2.3 suffers from a cross site scripting vulnerability.
b45d4a2d85b3c901aa91802abb1ffac2e776153efdcf56d50bed074fa76c3056New Advisory:
Snewscms Rus v2
http://www.medprostuda.ru
--------------------Summary----------------
Software: SnewsCMS Rus v. 2.3
Sowtware's Web Site: http://www.snewscms.net.ru
Versions: 2.4
Critical Level: Moderate
Type: XSS
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: http://medprostuda.ru
-----------------Description---------------
1. XSS.
Vulnerable script: search.php
Parameters 'query' is not
properly sanitized before being used in HTML tags. http://target.com/search.php?query="><h1>XSS</h1>
--------------PoC/Exploit----------------------
Waiting for developer(s) reply.
--------------Solution---------------------
No Patch available.
--------------Credit-----------------------
Discovered by: http://www.medprostuda.ru
http://www.eserg.ru
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed