phpWebSite Content Management System / Bugs / #1868 XSS over GET

#1868 XSS over GET

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2012-12-17

Created: 2012-12-17

Creator: ihaiha

Private: No

Hi, there is a XSS vulnerability because of wrong validation of "cm" parameter.

Check it out:
http://phpwebsite_1_7_3/index.php?module=filecabinet&cm=XSS_HERE&itn=icon&rf=0&fid=0&fr=1&ml=1&mw=60&mh=60&fud=0&ftype=1&fop=fm_folders&authkey=sialala

Discussion

Log in to post a comment.