News Feed
Jobs Feed
Sections




News Archive
Secunis.com:
Travelsized CMS index.php Cross-Site Scripting Vulnerabilities
by Chris Cornutt November 22, 2006 @ 08:09:00

According to this security release from Secunia, there's a cross-site scripting vulnerability with the Travelsized CMS package (PHP-based) in the main index file.

David Vieira-Kurz has discovered some vulnerabilities in Travelsized CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

The problem comes from the input parameters "page" and "langauge" not being verified and sanitized. Users are encouraged to go in and manually edit the source to correct the problem as there is no patch currently posted as of yet. You can get complete information about this issue from the full Secunia report.

0 comments voice your opinion now!
vulnerability security crosssitescripting xss sanitize input vulnerability security crosssitescripting xss sanitize input


blog comments powered by Disqus

Similar Posts

Richard Lord's Blog: PHP Password Security

PHP Security Consortium: New Product Launch - PHPSecInfo

DeveloperDrive.com: What Web Developers Need to Know About Cross-Site Scripting

Rafael Dohms' Blog: PHP Security: Are you paying attention?

Gareth Heyes' Blog: htmlentities is badly designed


 Community Events











Don't see your event here?
Let us know!

zendframework2 code development community conference object language interview unittest tool functional podcast opinion composer framework introduction series testing example release

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework