[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060218090835.GB9083@localdomain>
Date: Sat, 18 Feb 2006 10:08:35 +0100
From: ssteam.pl@...il.com
To: bugtraq@...urityfocus.com
Subject: e107 CMS 0.7.2 Chatbox plugin XSS vulnerability
Software: e107 CMS 0.7.2
Software Details: Chatbox Plugin v1.0
Class: Remote
Type: XSS
========== Desription ===========
XSS vulnerability exists in e107 0.7.2 CMS.
user input is not correctly sanitized in Chatbox Plugin v1.0.
========== Exploit =============
just paste sample code to a Chatbox:
<script>alert("xss vuln found by ssteam")</script>
Discovered by: marc & shb (ssteam.pl@...il.com)
Regards,
marc & shb
Powered by blists - more mailing lists