| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 13 Aug 2009 06:03:19 -0000 From: faghani@...c.ir To: bugtraq@...urityfocus.com Subject: Elkapax CMS Cross site scripting vulnerability ================= IUT-CERT ================= Title: Elkapax CMS Multiple Vulnerabilities Vendor: www.elkapax.com Type: Input.Validation.Vulnerability (Cross Site Scripting) Fix: N/A ================== nsec.ir ================= Description: ------------------ Elkapax is a CMS producer in Iran. Search page in Elkapax CMS product are vulnerable to XSS vulnerability. Vulnerability Variant: ------------------ Cross Site Scripting vulnerability in Search page in "q" parameter. http://example.com/?q=<script>alert(123)</script>&mode=2 Solution: ------------------ Input validation of Parameter "q" should be corrected. Credit: ------------------ Isfahan University of Technology - Computer Emergency Response Team Thanks to : N. Fathi, E. Jafari, M. R. Faghani
Powered by blists - more mailing lists