CMSimple Index.php Search XSS Network Vulnerability

Summary

The remote host is running CMSimple, a CMS written in PHP. The version of CMSimple installed on the remote host is prone to cross-site scripting attacks due to its failure to sanitize user-supplied input to the search field.

Solution

See http://www.cmsimple.dk/forum/viewtopic.php?t=2470

References

http://lostmon.blogspot.com/2005/07/cmsimple-search-variable-xss.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-2392
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
Apache ActiveMQ Source Code Information Disclosure Vulnerability
Advanced Image Hosting Cross Site Scripting Vulnerability

CMSimple index.php search XSS

Take action and discover your vulnerabilities