-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-1688 secur...@debian.org
http://www.debian.org/security/ Steffen Joeris
December 20, 2008
## www.BugReport.ir #
#
# AmnPardaz Security Research Team
#
# Title: chicomas <=2.0.4 Multiple Vulnerabilities
# Vendor: http://www.chicomas.com/
# Demo: http://demo.opensourcecms.com/chicomas
# Bug: Database Information Disclosure, Autho
On Sat, 20 Dec 2008, ad...@bugreport.ir wrote:
: +-->Cross Site Scripting (XSS). Reflected XSS attack in "index.php" in "q"
: parameter.
:
: POC:
:
http://[URL]/chicomas/index.php?q=";alert(/www.BugReport.ir/.source)
This was disclosed on May 5th [1] by Hadi Kiamarsi and was assigned BID
2902