SecurityvulnsSECURITYVULNS:DOC:18146new vuln in snewscms.net.ru in lang file
New Advisory:
Snewscms Rus
http://www.medconsultation.ru
--------------------Summary----------------
Software: SnewsCMS Rus v. 2.1
Sowtware's Web Site: http://www.snewscms.net.ru
Versions: 2.1
Critical Level: Moderate
Type: XSS
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: http://medconsultation.ru
-----------------Description---------------
- XSS.
Vulnerable script: news_page.php
Parameters 'page_id' is not
properly sanitized before being used in HTML tags. http://target.com/news_page.php?page_id="><h1>XSS</h1>
--------------PoC/Exploit----------------------
Waiting for developer(s) reply.
--------------Solution---------------------
No Patch available.
--------------Credit-----------------------
Discovered by: http://www.medconsultation.ru