Contexis CMS 1.0 Cross Site Scripting

2013-10-24T00:00:00
ID PACKETSTORM:123764
Type packetstorm
Reporter Juan Francisco
Modified 2013-10-24T00:00:00

Description

                                        
`CVE-2013-6239: Contexis 1.0 CMS, Reflected XSS  
  
Severity: Medium  
  
Vendor: exis-ti.com  
  
Versions Affected: 1.0  
  
Description: Contexis has been found to contain a reflected XSS vulnerability.  
If the photo gallery module is in use, someone can insert XSS code into the URL,  
which executes JavaScript in the web page.  
  
Exploit:  
  
  
GET /publicas/galeria-imagenes/Galeria-XXXXX.html?action=detail&image=<XSS code>  
  
Solution: update to Contexis 2.0 CMS  
  
Credit: This issue was discovered by Juan Francisco Bolivar  
es.linkedin.com/in/jfbolivar/  
  
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6239  
--   
  
  
Regards, Juan Francisco  
`
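
A log check for the request shape shown in the advisory, as an added example that is not part of the original advisory or of Contexis: it flags gallery requests whose `image` parameter contains HTML metacharacters after repeated percent-decoding. The combined access-log format, the gallery id `12345`, the benign value `7` and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Gallery path from the advisory; the id is elided there, so any id matches.
GALLERY = re.compile(r"^/publicas/galeria-imagenes/Galeria-[^/]+\.html$")
# Characters that let a reflected value leave an HTML text or attribute context.
HTML_META = re.compile(r"[<>\"'`]")
# Request target inside a combined-format access-log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_image_param(log_line):
    """Return the decoded `image` value if it holds HTML metacharacters."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not GALLERY.match(url.path):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get("image", []):
        value = fully_decode(raw)  # parse_qs has already decoded once
        if HTML_META.search(value):
            return value
    return None

def scan(lines):
    """Return (line number, decoded value) for every flagged request."""
    return [(n, v) for n, l in enumerate(lines, 1)
            if (v := suspicious_image_param(l)) is not None]

def _line(target):  # constructed log line, documentation IP address
    return f'192.0.2.10 - - [24/Oct/2013:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512'

BASE = "/publicas/galeria-imagenes/Galeria-12345.html?action=detail&image="
SAMPLE = [  # constructed requests; id 12345 and value 7 are made up
    _line(BASE + "7"),
    _line(BASE + "%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    _line(BASE + "%253Cb%253E"),  # double-encoded <b>
    _line("/index.html?image=%3Cb%3E"),  # other path, out of scope here
]
```

Hits in logs only show that such requests were made; whether the value was reflected unescaped depends on the installed version, which the advisory says is fixed by updating to Contexis 2.0.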