S40 Content Management System (CMS) v0.4.2 beta Cross-Site Scripting Vulnerability
SecPod Research Team member (Antu Sanadi) has found a cross-site scripting vulnerability in S40 Content Management System (CMS). Input passed via the ‘gsearchfield’ parameter in ‘index.php’ is not properly verified before it is returned to the user. This may allow an attacker to steal cookie-based a...
Jul 7, 2011By Veerendra GG1 min read
SecPod Research Team member (Antu Sanadi) has found a cross-site scripting vulnerability in S40 Content Management System (CMS). Input passed via the ‘gsearchfield’ parameter in ‘index.php’ is not properly verified before it is returned to the user. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code.
More information can be found here.