Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
htbridgeHigh-Tech BridgeHTB22353
HistoryApr 18, 2010 - 12:00 a.m.

Cross-site Scripting Vulnerability in ecoCMS

2010-04-1800:00:00
High-Tech Bridge
www.htbridge.com
15

0.009 Low

EPSS

Percentile

83.2%

JSON

High-Tech Bridge SA Security Research Lab has discovered vulnerability in ecoCMS which could be exploited to perform cross-site scripting (XSS) attacks.

  1. Cross-site scripting vulnerability in ecoCMS: CVE-2010-5046
    Input validation error was found in the ā€œpā€ parameter in /admin.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and scripting code in user`s browser in context of the vulnerable website.

Exploitation example:

http://example.com/admin.php?p=1"><script>alert(document.cookie) %3C/script%3E

CPENameOperatorVersion
ecocmseq08.07.2012

Related

cvelist 1
nvd 1
prion 1
cve 1
cvelist
cvelist
CVE-2010-5046
2011-11-23 01:00:00
nvd
nvd
CVE-2010-5046
2011-11-23 01:55:03
prion
prion
Cross site scripting
2011-11-23 01:55:00
cve
cve
CVE-2010-5046
2011-11-23 01:55:03

0.009 Low

EPSS

Percentile

83.2%

JSON
Related for HTB22353
cvelist1nvd1prion1cve1