DEFTCODE( 2 )

GPG - 2048R/6D378CAF

CVE-2006-3189 – HotPlug CMS 1.0 - Cross-site Scripting

Vendor

http://www.hotplugcms.com/

Open-source, pluggable PHP 5 content management system (CMS) that runs on a range of popular platforms and databases (MySQL, SQLite, PostgreSQL). HotPlug CMS is a fork of Wolf CMS, optimised for SEO, accessibility and mobile.

Description

Cross-site scripting (XSS) vulnerability in administration/tblcontent/login1.php in HotPlug CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, whose value is reflected into the login page without output encoding. Because the affected script lives under the administration directory, a victim who follows a crafted link while logged in exposes their admin session to the injected script.

Proof of Concept

~ stands for [xss-vector], i.e. an attacker-supplied HTML or JavaScript payload (URL-encoded as needed).

  1. http://localhost/[hpc_path]/administration/tblcontent/login1.php?msg= ~
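The advisory does not reproduce login1.php, so the following is an added illustration rather than HotPlug CMS code: it models the pattern the description implies (a msg query parameter written into the page as-is) next to two fixes, HTML-encoding the value and replacing free text with a server-side message table. The function names, the message codes and the sample payload are assumptions made for this example.

```php
<?php
// Added example, not HotPlug CMS source. Models the reported flaw in a
// hypothetical login page and its remediation. All names are invented.

// Vulnerable pattern: the value taken from the URL is concatenated into
// HTML unchanged, so any tags or scripts in it become part of the page.
function render_message_vulnerable(string $msg): string
{
    return '<p class="login-message">' . $msg . '</p>';
}

// Fix 1: encode for an HTML text context before output. ENT_QUOTES also
// escapes single quotes so the same value is safe inside quoted attributes;
// the explicit charset avoids mismatched-encoding bypasses.
function render_message_safe(string $msg): string
{
    $encoded = htmlspecialchars($msg, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p class="login-message">' . $encoded . '</p>';
}

// Fix 2 (preferred): never accept free text for a status message. Take a
// short code from the URL and look the wording up server-side; unknown
// codes render nothing. The codes below are invented for the example.
const LOGIN_MESSAGES = [
    'bad_credentials' => 'Invalid username or password.',
    'session_expired' => 'Your session has expired, please log in again.',
];

function render_message_by_code(string $code): string
{
    $text = LOGIN_MESSAGES[$code] ?? '';
    if ($text === '') {
        return '';
    }
    return '<p class="login-message">'
        . htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</p>';
}

// How a request handler would wire this up: read the parameter from the
// query string and pass it through the safe renderer only.
function handle_login_page(array $query): string
{
    $code = (string) ($query['msg'] ?? '');
    return render_message_by_code($code);
}

// Constructed input standing in for the [xss-vector] in the PoC URL.
$payload = '<script>alert(document.cookie)</script>';

echo render_message_vulnerable($payload), "\n";   // script tag reaches the page verbatim
echo render_message_safe($payload), "\n";         // tag characters are entity-encoded
echo handle_login_page(['msg' => 'bad_credentials']), "\n";
echo handle_login_page(['msg' => $payload]), "\n"; // unknown code, nothing rendered
```

Run it with `php example.php` to see the three behaviours side by side. Encoding on output (fix 1) is the minimal patch for the reported sink, but the lookup-table approach (fix 2) removes the attacker-controlled string from the page entirely and is the shape a proper fix to a login status message should take.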

References