Elkapax CMS Cross Site Scripting

2009-08-15T00:00:00
ID PACKETSTORM:80331
Type packetstorm
Reporter Isfahan University of Technology
Modified 2009-08-15T00:00:00

Description

                                        
                                            `================= IUT-CERT =================  
  
Title: Elkapax CMS Multiple Vulnerabilities  
  
Vendor: www.elkapax.com  
  
Type: Input.Validation.Vulnerability (Cross Site Scripting)  
  
Fix: N/A  
  
================== nsec.ir =================  
  
Description:  
  
------------------  
  
Elkapax is a CMS producer in Iran. The search page in the Elkapax CMS  
  
product is vulnerable to cross-site scripting (XSS).  
  
Vulnerability Variant:  
  
------------------  
  
Cross-site scripting vulnerability in the "q" parameter of the search page.  
  
http://example.com/?q=<script>alert(123)</script>&mode=2  
  
  
Solution:  
  
------------------  
  
Input validation of the "q" parameter should be corrected.  
  
Credit:  
  
------------------  
  
Isfahan University of Technology - Computer Emergency Response Team  
  
Thanks to : N. Fathi, E. Jafari, M. R. Faghani  
`
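
The fix the Solution section asks for, shown as an added example (it is not part of the IUT-CERT advisory and is not Elkapax code): a search handler that reflects "q" unchanged beside one that validates it and HTML-encodes it on output. The page template, handler names, length limit and response headers are assumptions; the sample request is the advisory's example URL.

```python
import html
from urllib.parse import parse_qs

# Query string from the advisory's example URL, used as sample input.
SAMPLE_QUERY = "q=<script>alert(123)</script>&mode=2"

MAX_QUERY_LEN = 200  # assumed limit for a search box, not from the advisory

# Hypothetical results page; the real Elkapax template is not on the page.
PAGE = "<html><body><h1>Search</h1><p>Results for: {term}</p></body></html>"


def render_vulnerable(query_string):
    """Reflects q into the page unchanged: the behaviour the advisory reports."""
    q = parse_qs(query_string).get("q", [""])[0]
    return PAGE.format(term=q)


def render_hardened(query_string):
    """Validates q, then HTML-encodes it at the point of output."""
    q = parse_qs(query_string).get("q", [""])[0]
    # Input validation: bound the length and drop control characters.
    q = "".join(ch for ch in q[:MAX_QUERY_LEN] if ch.isprintable())
    # Output encoding: <, >, &, " and ' become entities, so the value is
    # rendered as text and cannot open a tag or break out of an attribute.
    return PAGE.format(term=html.escape(q, quote=True))


def app(environ, start_response):
    """Minimal WSGI search page using the hardened renderer."""
    body = render_hardened(environ.get("QUERY_STRING", "")).encode("utf-8")
    start_response("200 OK", [
        ("Content-Type", "text/html; charset=utf-8"),
        # Defence in depth: inline script is refused even if encoding is missed.
        ("Content-Security-Policy", "default-src 'self'; script-src 'self'"),
        ("X-Content-Type-Options", "nosniff"),
        ("Content-Length", str(len(body))),
    ])
    return [body]


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_QUERY))
    print(render_hardened(SAMPLE_QUERY))
```

Encoding is applied where the value is written into HTML, so the search term is still displayed to the user exactly as typed.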