[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] CVE Request: Fiyo CMS 2.0.6.1 - Multiple XSS Vulnerabilities
From: Himanshu Mehta <mehta.himanshu21 () gmail ! com>
Date: 2016-02-29 6:15:19
Message-ID: CAAYZd=m9PCWf2s5aqr8sNwtab_KPNNhAv1w3t7C2xDZ0EVupRQ () mail ! gmail ! com
[Download RAW message or body]
*1. Introduction*
Affected Product: Fiyo CMS 2.0.6.1
Fixed in: 2.0.6.2
Vendor Website: http://www.fiyo.org/
Vulnerability Type: XSS
Remote Exploitable: Yes
*2. Overview*
There are multiple XSS vulnerabilities in Fiyo CMS 2.0.6.1. The
vulnerabilities exist due to insufficient filtration of user-supplied data.
A remote attacker can execute arbitrary HTML and script code in browser in
context of the vulnerable application.
*3. Affected Modules*
Affected fields in the modules are listed below:
i. Module: Dashboard->Users ->User List
Section: User Group
Field: Group Name
ii. Module: Dashboard->Users->New User
Section: Login Data
Field: Nama Lengkap
*4. Payload*
<script>alert('XSS')</script>
*5. Credit*
Himanshu Mehta
mehta.himanshu21@gmail.com
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic