TUCoPS :: Web :: CMS / Portals :: b06-3051.htm

HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities
HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities
HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities


-----------------------------------------------------
Advisory id: FSA:017

Author:    Federico Fazzi
Date:	   15/06/2006, 20:31
Sinthesis: HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities
Type:	   low
Product: http://hotplugcms.com/ 
Patch:	   unavailable
-----------------------------------------------------


1) Description:


Error occured in login1.php:



2) Proof of concept:

http://example/[hpc_path]/administration/tblcontent/login1.php?msg=[xss] 

3) Solution:

echo "messages";

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH