
From: info_(at)_medconsultation.ru <info_(at)_medconsultation.ru>
Date: 08.10.2007
Subject: new vuln in snewscms.net.ru in lang file

New Advisory:
Snewscms Rus
http://www.medconsultation.ru

--------------------Summary----------------
Software: SnewsCMS Rus v. 2.1
Software's Web Site: http://www.snewscms.net.ru
Versions: 2.1
Critical Level: Moderate
Type: XSS
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: http://medconsultation.ru

-----------------Description---------------
1. XSS.

Vulnerable script: news_page.php

Parameter 'page_id' is not properly sanitized before being used in HTML tags.

http://target.com/news_page.php?page_id="><h1>XSS</h1>

--------------PoC/Exploit----------------------
Waiting for developer(s) reply.

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: http://www.medconsultation.ru
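
One way to handle the unsanitized 'page_id' described above, as an added example: it is not SnewsCMS code and not a vendor patch. It assumes page_id is a positive integer; the function names and the link markup are hypothetical.

```php
<?php
// Added example: NOT SnewsCMS source code and not a vendor patch.
// Assumption: page_id identifies a news page by a positive integer.

/**
 * Return page_id as a positive int, or null when the value is missing
 * or is anything other than a plain decimal integer.
 */
function get_page_id(array $query): ?int
{
    if (!isset($query['page_id']) || !is_string($query['page_id'])) {
        return null; // missing, or an array such as page_id[]=1
    }
    $id = filter_var($query['page_id'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode a value for HTML text or a quoted HTML attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hypothetical markup: a link that carries page_id in an attribute. */
function render_page_link(int $pageId): string
{
    // Encode at the point of output even though the value is already an int,
    // so the template stays safe if the type of the field changes later.
    return '<a href="news_page.php?page_id=' . h((string) $pageId) . '">Permalink</a>';
}

// Constructed sample inputs, including the request from the description above.
$samples = ['42', '"><h1>XSS</h1>', '42 onmouseover=x', ''];
foreach ($samples as $raw) {
    $id = get_page_id(['page_id' => $raw]);
    if ($id === null) {
        // Reject instead of echoing the raw value back; show the encoded form only.
        echo 'rejected: ', h($raw), PHP_EOL;
        continue;
    }
    echo render_page_link($id), PHP_EOL;
}
```

In a real request handler the rejected branch would return an HTTP 400 response, and `get_page_id($_GET)` would replace the sample loop.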
