CMSimple Index.php Search XSS Network Vulnerability

Summary

The remote host is running CMSimple, a CMS written in PHP. The version of CMSimple installed on the remote host is prone to cross-site scripting attacks due to its failure to sanitize user-supplied input to the search field.

Solution

See http://www.cmsimple.dk/forum/viewtopic.php?t=2470

References

http://lostmon.blogspot.com/2005/07/cmsimple-search-variable-xss.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-2392

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
/doc directory browsable ?
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability

CMSimple index.php search XSS

Take action and discover your vulnerabilities