Simpnews admin/pwlost.php Unspecified XSS

2006-10-24T16:18:50
ID OSVDB:30004
Type osvdb
Reporter OSVDB
Modified 2006-10-24T16:18:50

Description

Solution Description

Upgrade to version 2.34.01 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

/simpnews/admin/pwlost.php/%3E%22%3E%3CScRiPt%3Ealert("XSS")%3C/ScRiPt%3E

References:

Vendor URL: http://www.boesch-it.de/sw/php-scripts/simpnews/english/index.php
Secunia Advisory ID: 22535
Related OSVDB ID: 30003
Other Advisory URL: http://www.vigilon.com/vg-simpnews-24-10-2006.txt
FrSIRT Advisory: ADV-2006-4162
CVE-2006-5530
Bugtraq ID: 20714