HotPlug CMS 1.0 Login1.PHP Cross-Site Scripting Vulnerability

ID EDB-ID:28031
Type exploitdb
Reporter Federico Fazzi
Modified 2006-06-15T00:00:00


HotPlug CMS 1.0 Login1.PHP Cross-Site Scripting Vulnerability. CVE-2006-3189. Webapps exploit for php platform


HotPlug CMS is prone to a cross-site scripting attack. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary HTML and script code in the browser of a victim user in the context of the webserver process. This may help the attacker steal cookie-based authentication credentials or launch other attacks.[hpc_path]/administration/tblcontent/login1.php?msg=[xss]