DCP-Portal 3.7/4.x/5.x news.php cid Parameter XSS

ID EDB-ID:24662
Type exploitdb
Reporter Alexander Antipov
Modified 2004-10-06T00:00:00


DCP-Portal 3.7/4.x/5.x news.php cid Parameter XSS. CVE-2004-2511. Webapps exploit for php platform

                                            source: http://www.securityfocus.com/bid/11338/info
DCP-Portal is reported prone to multiple cross-site scripting vulnerabilities. It is reported that DCP-Portal does not sufficiently filter URI parameters supplied to several scripts.
Because of this deficiency, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user if the link is followed. The script code contained in the URI parameter will be executed in the context of the vulnerable website.
This may allow for theft of cookie-based authentication credentials and other attacks.

http://www.example.com/news.php?nid=34&cid=[XSS code here]