[41170] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

fipsCMS light - vulnerable to script injection.

daemon@ATHENA.MIT.EDU (preben@watchcom.no)
Mon Nov 14 14:47:17 2005

Date: 14 Nov 2005 00:37:37 -0000
Message-ID: <20051114003737.10524.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: preben@watchcom.no
To: bugtraq@securityfocus.com

fipsCMS lights is a freeware product of fipsasp.com. If you log on as admin, you can generate new pages in the CMS system.

If you inject the "headline" field with scriptingcode like <script>alert(‘code executed’)</script>, this will automaticly launch when a users visits that site.

Please credit to: Preben Nyløkken


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[41170] in bugtraq

fipsCMS light - vulnerable to script injection.

daemon@ATHENA.MIT.EDU (preben@watchcom.no)Mon Nov 14 14:47:17 2005

daemon@ATHENA.MIT.EDU (preben@watchcom.no)
Mon Nov 14 14:47:17 2005