TML 0.5 index.php form Parameter XSS

2005-12-15T00:00:00
ID EDB-ID:26839
Type exploitdb
Reporter X1ngBox
Modified 2005-12-15T00:00:00

Description

TML 0.5 index.php form Parameter XSS. CVE-2005-4415. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/15876/info

TML CMS is prone to multiple input validation vulnerabilities.

Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.

TML CMS 0.5 is reportedly affected. Other versions may be vulnerable as well. 


http://www.example.com/[ztml]/index.php?type=tpl&form=<h1> x1ng <h1/>