Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24724
HistorySep 12, 2010 - 12:00 a.m.

Member Management System v 4.0 XSS vuln.

2010-09-1200:00:00
vulners.com
15

###############################################
Vuln. discovered by : r0t
Date: 09 September 2010
vendor:http://www.expinion.net/Applications/MMS_overview.asp
orginal advisory:http://pridels-team.blogspot.com/2010/09/member-management-system-v-40-xss-vuln.html
affected versions:v 4.0 and other
versions also can be affected.
###############################################

Member Management System contains a flaw that allows a remote
Cross-Site Scripting attacks.Input passed to the "REF_URL" parameter
in "admin/index.asp" isn't properly sanitised before being returned to
the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.
##############################################

Solution:
Filter malicious characters and character sequences in a web proxy.
###############################################