CMSsimpleXSS.txt

2005-07-02T00:00:00
ID PACKETSTORM:38433
Type packetstorm
Reporter RB9
Modified 2005-07-02T00:00:00

Description

                                        
CMS Made Simple is an open source project which uses the Smarty
template engine in various places. Its website is at
http://cmsmadesimple.org while the Smarty site is at
http://smarty.php.net

CMS Made Simple suffers from a cross-site scripting (XSS) and path
disclosure vulnerability:

http://[host]/[folder]/index.php?page=<script>alert(document.cookie)</script>

FNSE advisory
http://fnse.be.tt

Watch out for my new book "How to Make Unhackable French Fries"

RB9
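One way to handle the `page` parameter so that it is neither reflected as markup nor able to surface PHP error text, as an added PHP example that is not CMS Made Simple code and not part of the advisory. The function names, the alias pattern and the `home` default are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical names, not CMS Made Simple source.

// Path disclosure: keep PHP warnings and notices out of the response body
// and send them to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Accept only values shaped like a page alias (assumed pattern). Markup,
 * empty input and non-string input such as an array fall back to the default.
 */
function resolve_page_alias($raw, string $default = 'home'): string
{
    if (!is_string($raw) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $raw)) {
        return $default;
    }
    return $raw;
}

/** Escape a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Error page that names the alias only, never a file path, and escapes it. */
function render_not_found(string $alias): string
{
    return '<p>Page "' . h($alias) . '" was not found.</p>';
}

// In a real front controller the input would be: $_GET['page'] ?? null
// Constructed sample inputs so the script runs offline:
$samples = ['<script>alert(document.cookie)</script>', 'news', ['x']];

foreach ($samples as $raw) {
    echo render_not_found(resolve_page_alias($raw)), "\n";
}

// Escaping alone already neutralises the value from the advisory's URL:
echo h($samples[0]), "\n";
```

If the value is printed from a Smarty template rather than from PHP, the `escape` modifier (`{$page|escape:'html'}`) does the same job as `h()`.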