QontentOne CMS Search.PHP Cross-Site Scripting Vulnerability
BID:18209
CVE-2006-2774 |Info
QontentOne CMS Search.PHP Cross-Site Scripting Vulnerability
| Bugtraq ID: | 18209 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 01 2006 12:00AM |
| Updated: | Jul 24 2006 10:47PM |
| Credit: | luny is credited with the discovery of this vulnerability. |
| Vulnerable: |
QontentOne QontentOne CMS 0 |
| Not Vulnerable: | |
Discussion
QontentOne CMS Search.PHP Cross-Site Scripting Vulnerability
QontentOne CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
QontentOne CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
QontentOne CMS Search.PHP Cross-Site Scripting Vulnerability
Attackers can exploit this issue via a web client.
Attackers can exploit this issue via a web client.
Solution / Fix
QontentOne CMS Search.PHP Cross-Site Scripting Vulnerability
Solution:
The vendor has released an update to address this issue. Please contact the vendor for details.
Solution:
The vendor has released an update to address this issue. Please contact the vendor for details.
References
QontentOne CMS Search.PHP Cross-Site Scripting Vulnerability
References:
References:
- QontentOne CMS Homepage (QontentOne)