DCP-Portal 3.7/4.x/5.x news.php cid Parameter XSS

2014-07-01T00:00:00
ID SSV:78357
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/11338/info
 
DCP-Portal is reported prone to multiple cross-site scripting vulnerabilities. It is reported that DCP-Portal does not sufficiently filter URI parameters supplied to several scripts.
 
Because of this deficiency, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user if the link is followed. The script code contained in the URI parameter will be executed in the context of the vulnerable website.
 
This may allow for theft of cookie-based authentication credentials and other attacks.

http://www.example.com/news.php?nid=34&cid=[XSS code here]