High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Zimplit CMS which could be exploited to perform cross-site scripting attacks.
s browser in context of the vulnerable website.

Exploitation example:

http://host/path/zimplit.php?action=load&file=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

1.2 The vulnerability exists due to an input sanitization error in the "client" parameter in English_manual_version_2.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.