|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: chicomas <=2.0.4 Multiple Vulnerabilities
From: security curmudgeon (jericho
attrition.org)
Date: Sat Dec 20 2008 - 14:55:01 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sat, 20 Dec 2008, adminbugreport.ir wrote:
: +-->Cross Site Scripting (XSS). Reflected XSS attack in "index.php" in "q"
: parameter.
:
: POC:
: http://[URL]/chicomas/index.php?q="<script>alert(/www.BugReport.ir/.source)</script>
This was disclosed on May 5th [1] by Hadi Kiamarsi and was assigned BID
29025 / CVE-2008-2186 / OSVDB 44809.
- jericho
[1] http://marc.info/?l=bugtraq&m=120975560407192&w=2
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]