vuln in snewscms Rus v 2.3

www . yo . by Mon, 17 Mar 2008 09:12:44 -0700

New Advisory:

Snewscms Rus v2


http://www.medprostuda.ru


--------------------Summary----------------

Software: SnewsCMS Rus v. 2.3

Sowtware's Web Site: http://www.snewscms.net.ru

Versions: 2.4

Critical Level: Moderate

Type: XSS

Class: Remote

Status: Unpatched

PoC/Exploit: Not Available

Solution: Not Available

Discovered by: http://medprostuda.ru


-----------------Description---------------

1. XSS.


Vulnerable script: search.php


Parameters 'query' is not

properly sanitized before being used in HTML tags. 
http://target.com/search.php?query=";><h1>XSS</h1>


--------------PoC/Exploit----------------------

Waiting for developer(s) reply.


--------------Solution---------------------

No Patch available.


--------------Credit-----------------------

Discovered by: http://www.medprostuda.ru

http://www.eserg.ru

vuln in snewscms Rus v 2.3

Reply via email to