S40 Content Management System (CMS) v0.4.2 beta Cross-Site Scripting Vulnerability

SecPod Research Team member (Antu Sanadi) has found a cross-site scripting vulnerability in S40 Content Management System (CMS). Input passed via the ‘gsearchfield’ parameter in ‘index.php’ is not properly verified before it is returned to the user. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code.

More information can be found here.

Subscribe For More Posts Like This

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
0 0 vote
Article Rating
Notify of
Inline Feedbacks
View all comments