
moziloCMS 1.11.1 - XSS Vulnerability






moziloCMS - Cross Site Scripting Vulnerability

Version Affected: 1.11.1 (19th May 2009) (newest)

Info: See website for more information. (It's in German and I don't bother translating)

Credits: InterN0T

External Links:
http://cms.mozilo.de/ 


-:: The Advisory ::-

Vulnerable Function / ID Calls: (XSS)
cat & file (these have to be used in conjunction with action=editsite).

Cross Site Scripting: 
&file=">&file="> 

-:: Solution ::-
I didn't bother to find one, sorry.

Reference:
http://forum.intern0t.net/intern0t-advisories/1080-intern0t-mozilocms-1-11-1-cross-site-scripting-vulnerability.html 

Disclosure Information:
- Vulnerability found and confirmed between 1st and 3rd June 2009.
- Published at InterN0T the 3rd June 2009.
- Bugtraq contacted the 3rd June 2009.


All of the best,
MaXe
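
Mitigation sketch for the `cat` and `file` reflection described above, added here as an example; it is not moziloCMS code and not the advisory author's. The function names, the hidden-field output context (inferred from the `">` prefix) and the allowed character set are assumptions.

```php
<?php
// Added illustration, not moziloCMS source. All function names are hypothetical.

// Encode a value for use inside a quoted HTML attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the request value is concatenated straight into an attribute, so a
// value containing "> closes the attribute and the tag.
function render_hidden_unsafe(string $name, string $value): string
{
    return '<input type="hidden" name="' . $name . '" value="' . $value . '">';
}

// After: same markup, but both parts are encoded at output time.
function render_hidden_safe(string $name, string $value): string
{
    return '<input type="hidden" name="' . h($name) . '" value="' . h($value) . '">';
}

// Input check for the two parameters named in the advisory. The allowed
// character set is an assumption; adjust it to the names the CMS really uses.
function read_name_param(array $query, string $key): ?string
{
    $raw = $query[$key] ?? null;
    if (!is_string($raw)) {
        return null; // missing or array-valued (e.g. ?file[]=x)
    }
    return preg_match('/\A[\p{L}\p{N} _.\-]{1,64}\z/u', $raw) === 1 ? $raw : null;
}

// Constructed request: stands in for $_GET on an action=editsite call.
$query = ['action' => 'editsite', 'cat' => 'Willkommen', 'file' => 'Startseite">'];

foreach (['cat', 'file'] as $key) {
    $raw = $query[$key];
    echo $key, " unsafe: ", render_hidden_unsafe($key, $raw), "\n";
    echo $key, " safe:   ", render_hidden_safe($key, $raw), "\n";
    echo $key, " valid:  ", var_export(read_name_param($query, $key) !== null, true), "\n";
}
```

Output encoding is the fix for the reflection itself; the input check only narrows what reaches the editor and should reject the request rather than try to clean the value.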

