# [x] Author: Andrea Bocchetti
# [x] Homepage : http://www.geekit.it

// Software Info
# [x] Name : Lisk CMS
# [x] Vendor : http://lisk-cms.com/
# [x] Version : 4.4
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit: XSS cookie stealing
#
# Demo exploit : http://lisk-cms.com/demo/admin/track_order/?track_number=&imageField.x=26&imageField.y=10
#
# track_number fields are potentially exploitable via XSS
#
#EOF