Lucene search
High-Tech BridgeHTB22715HistoryNov 22, 2010 - 12:00 a.m.
Cross-site Scripting (XSS) Vulnerabilities in Zimplit CMS
2010-11-2200:00:00
High-Tech Bridge
www.htbridge.com
27
EPSS
0.014
Percentile
86.3%
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Zimplit CMS which could be exploited to perform cross-site scripting attacks.
- Cross-site scripting (XSS) vulnerabilities in Zimplit CMS: CVE-2010-4513
1.1 The vulnerability exists due to input sanitation error in the “file” parameter in zimplit.php when “action” is set to “load”. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in users browser in context of the vulnerable website. Exploitation example: http://host/path/zimplit.php?action=load&file=%3Cscript%3Ealert%28document.c ookie%29%3C/script%3E 1.2 The vulnerability exists due to input sanitation error in the "client" parameter in English_manual_version_2.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in users browser in context of the vulnerable website.
Exploitation example:
http://host/path/English_manual_version_2.php?client=c’"><script>a lert%28document.cookie%2 9%3C/script%3E
Related
cvelist
cvelist
CVE-2010-4513
2010-12-09 20:00:00
exploitdb
exploitdb
Zimplit CMS 3.0 - Multiple Vulnerabilities
2013-09-13 00:00:00
Zimplit CMS - 'English_manual_version_2.php?client' Cross-Site Scripting
2010-12-07 00:00:00
Zimplit CMS - 'zimplit.php?File' Cross-Site Scripting
2010-12-07 00:00:00
cve
cve
CVE-2010-4513
2010-12-09 21:00:01
prion
prion
Cross site scripting
2010-12-09 21:00:00
nvd
nvd
CVE-2010-4513
2010-12-09 21:00:01