Limbo CMS admin.php com_option Variable XSS

ID: OSVDB:39642
Type: osvdb
Reporter: OSVDB
Modified: 2007-12-25T00:00:00


Vulnerability Description

Limbo contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'com_option' variable upon submission to the 'admin.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
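The missing validation described above can be checked for after the fact in web server logs. The following is an added example, not part of the original advisory or of Limbo's code. It assumes an Apache-style access log and assumes that legitimate 'com_option' values are plain component identifiers (letters, digits, underscore). The function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: legitimate com_option values are plain component identifiers.
ALLOWED = re.compile(r"[A-Za-z0-9_]{1,64}")
# Request field of an Apache-style access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_com_option(log_lines):
    """Return (line_number, decoded_value) for admin.php requests whose
    com_option value falls outside the allowlist."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/admin.php"):
            continue
        # parse_qs performs the first round of percent-decoding.
        params = parse_qs(url.query, keep_blank_values=True)
        for raw in params.get("com_option", []):
            value = fully_decode(raw)
            if not ALLOWED.fullmatch(value):
                hits.append((number, value))
    return hits

# Constructed sample lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Dec/2007:10:00:00 +0000] "GET /admin.php?com_option=com_content HTTP/1.1" 200 5120',
    '192.0.2.11 - - [25/Dec/2007:10:00:05 +0000] "GET /admin.php?com_option=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5130',
    '192.0.2.12 - - [25/Dec/2007:10:00:09 +0000] "GET /admin.php?com_option=%253Cb%253Ex HTTP/1.1" 200 5125',
    '192.0.2.13 - - [25/Dec/2007:10:00:12 +0000] "GET /index.php?com_option=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in suspicious_com_option(SAMPLE_LOG):
        print(f"line {number}: com_option={value!r}")
```

Values submitted in a POST body do not appear in access logs, so this check only covers the crafted-URL case the description mentions.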

Manual Testing Notes



Secunia Advisory ID: 28190
Other Advisory URL:
ISS X-Force ID: 39207
FrSIRT Advisory: ADV-2007-4317
CVE-2007-6564
Bugtraq ID: 27027