CPG Dragonfly CMS 9.3.3.0 – Multiple Multiple Cross-Site Scripting Vulnerabilities

Exploit Database
119 阅读

作者： Ariko-Security

日期： 2012-02-21
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36867/

source: https://www.securityfocus.com/bid/52100/info

Dragonfly CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Dragonfly 9.3.3.0 is vulnerable; other versions may be affected.

http://www.example.com/index.php?name=coppermine&file=thumbnails&meta=lastup%22%3E%3CsCrIpT%3Ealert%2852128%29%3C%2fsCrIpT%3E&cat=0

last Exploits
CPG Dragonfly CMS 9.3.3.0 – Multiple Multiple Cross-Site Scripting Vulnerabilities的更多信息

Oracle Fusion Middleware 10.1.2/10.1.3 – BPEL Console Cross-Site Scripting：
ProArcadeScript to Game – SQL Injection：
Online shopping system advanced 1.0 – ‘p’ SQL Injection：
Hero Framework – ‘/users/forgot_password?error’ Cross-Site Scripting：
Newsbull Haber Script 1.0.0 – ‘search’ SQL Injection：
WAGO e!DISPLAY 7300T – Multiple Vulnerabilities：
MC Documentation Creator Script – SQL Injection：
Calendarix 0.8.20080808 – Multiple Cross-Site Scripting / SQL Injections：