phpWebSite search module cross-site scripting vulnerability

2010-08-02T00:00:00
ID MYHACK58:62201027765
Type myhack58
Reporter Anonymous
Modified 2010-08-02T00:00:00

Description

phpWebSite is a web content management system (CMS).

phpWebSite contains an input validation vulnerability that a remote attacker could exploit to execute malicious code in a user's browser.

The phpWebSite search module does not properly escape user input when it generates links on the search results page, which allows an attacker to submit malicious search requests to perform cross-site scripting attacks.

http://phpwebsite.example.com/index.php?module=search&user=search&search=%22%3E%3Ch1%3EXSS%3C%2Fh1%3E&alternate=local&mod_title=all&submit=Search
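
The flaw class described above, shown as an added example that is not phpWebSite source code: a result-page link builder that reflects the search term unescaped, next to a version that encodes for the URL context and then for the HTML attribute context. The function names and the `page` parameter are hypothetical, and the sample input is the markup carried in the search parameter of the request above.

```php
<?php
// Added illustration; hypothetical helpers, not taken from phpWebSite.

// Vulnerable pattern: the raw search term is concatenated into an href
// attribute, so a double quote in the term closes the attribute and any
// markup that follows is parsed by the browser as HTML.
function build_result_link_unsafe(string $search, int $page): string
{
    $url = 'index.php?module=search&user=search&search=' . $search
         . '&page=' . $page;
    return '<a href="' . $url . '">Page ' . $page . '</a>';
}

// Hardened pattern: two encoding steps, one per context.
// 1. http_build_query() percent-encodes each value for the query string.
// 2. htmlspecialchars() encodes the finished URL for the HTML attribute,
//    including the '&' separators and both quote characters.
function build_result_link_safe(string $search, int $page): string
{
    $query = http_build_query([
        'module' => 'search',
        'user'   => 'search',
        'search' => $search,
        'page'   => $page,
    ], '', '&', PHP_QUERY_RFC3986);

    $url = 'index.php?' . $query;

    return '<a href="'
         . htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
         . '">Page ' . $page . '</a>';
}

// Constructed input: decoded form of the search value in the sample request.
$search = '"><h1>XSS</h1>';

$unsafe = build_result_link_unsafe($search, 2);
$safe   = build_result_link_safe($search, 2);

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;

// Reports whether a literal <h1> tag survived into each generated link.
var_dump(strpos($unsafe, '<h1>') !== false);
var_dump(strpos($safe, '<h1>') !== false);
```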