Bugtraq mailing list archives
fipsCMS light - vulnerable to script injection.
From: preben () watchcom no
Date: 14 Nov 2005 00:37:37 -0000
fipsCMS lights is a freeware product of fipsasp.com. If you log on as admin, you can generate new pages in the CMS system. If you inject the "headline" field with scriptingcode like <script>alert(code executed)</script>, this will automaticly launch when a users visits that site. Please credit to: Preben Nyløkken
Current thread:
- fipsCMS light - vulnerable to script injection. preben (Nov 14)