HotPlug CMS 1.0 Login1.PHP Cross-Site Scripting Vulnerability

2006-06-15T00:00:00
ID EDB-ID:28031
Type exploitdb
Reporter Federico Fazzi
Modified 2006-06-15T00:00:00

Description

HotPlug CMS 1.0 Login1.PHP Cross-Site Scripting Vulnerability. CVE-2006-3189. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/18454/info

HotPlug CMS is prone to a cross-site scripting attack. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary HTML and script code in the browser of a victim user in the context of the webserver process. This may help the attacker steal cookie-based authentication credentials or launch other attacks.

http://www.example.com/[hpc_path]/administration/tblcontent/login1.php?msg=[xss]