Lucene search
Omer SingerEDB-ID:31060HistoryJan 25, 2008 - 12:00 a.m.
Drake CMS 0.4.9 - 'index.php' Cross-Site Scripting Vulnerability
2008-01-2500:00:00
Omer Singer
www.exploit-db.com
22
0.003 Low
EPSS
Percentile
65.2%
Drake CMS 0.4.9 βindex.phpβ Cross-Site Scripting Vulnerability. CVE-2007-6695. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/27459/info
Drake CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Drake CMS 0.4.9 is vulnerable; other versions may also be affected.
http://www.example.com/[path]/index.php?option="'><IFRAME%20SRC="javascript:alert('XSS');"></IFRAME>&Itemid=12 Related
cvelist
cvelist
CVE-2007-6695
2008-02-01 19:41:00
prion
prion
Cross site scripting
2008-02-01 20:00:00
nvd
nvd
CVE-2007-6695
2008-02-01 20:00:00
cve
cve
CVE-2007-6695
2008-02-01 20:00:00