Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11229
HistoryJan 30, 2006 - 12:00 a.m.

EasyCMS vulnerable to XSS injection.

2006-01-3000:00:00
vulners.com
6
JSON

The Norwegian web-publishing system EasyCMS (www.easycms.no) contains multiple input flaws letting users
conduct successful XSS attacks. Both in the admin section, and the webpage that uses the system is vulnerable
to XSS.

It does not filter script tags and simple scripting like <script>alert(β€˜XSS’)</script> will work. Nearly all
of the systems input boxes is open for scripting tags.

Furthermore it’s open for directory browsing ( http://<site>/images ).
The developers has been notified, and working on patching the system.

Please credit to: Preben NylΓΈkken

JSON