holisticinfosec.org - HIO-2008-0717 TYPOlight webCMS 2.6 Beta 2 XSS

Home
Blog
ISSA JRN's toolsmith
Best Practices
Links
Research
How To
Standards
Publications & Events
Simplicity
Philosophy
GNU GPL
In The News
F-Secure World Map
News
Security News Feeds
Open SRC Definition
Contact
Search

"What I hear, I forget. What I see, I remember. What I do, I understand. - Kung Fu Tzu (Confucius)"

RSS

HIO-2008-0717 TYPOlight webCMS 2.6 Beta 2 XSS

TYPOlight webCMS 2.6 Beta 2 contains a flaw that allows cross site scripting.

Cross-site scripting occurs where the "keywords" variable doesn't properly sanitize input submitted to the search.html script.

This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

BID: N/A

CVE: N/A

OSVDB: N/A

SA: N/A

XF: N/A

Vendor Solution: Upgrade to 2.6 as of 8/12/08

< Prev		Next >

[ Back ]