Micro CMS 1.0 - name HTML Injection (1)

Type exploitpack
Reporter Veerendra G.G
Modified 2010-09-28T00:00:00


Micro CMS 1.0 - name HTML Injection (1)

                                            source: https://www.securityfocus.com/bid/43556/info

Micro CMS is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Micro CMS 1.0 beta 1 is vulnerable; other versions may also be affected. 

<script> alert('XSS-Test')</script>
  in "* Name" textbox in comment section and fill other sections properly.