Family Connections CMS 2.3.2 (POST) Stored XSS And XML Injection

FCMS suffers from a post-authentication stored XSS vulnerability in the messageboard.php script through the ‘subject’ POST parameter. An XML injection lies in the ‘/inc/getChat.php’ script through the ‘users’ GET parameter with no arguments and the POST parameter ‘message’.

Advisory ID: ZSL-2011-5004
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5004.php
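
The two output contexts named above, shown as an added example that is not FCMS source code and not part of the original advisory: HTML-encoding a stored subject when it is rendered, and building a chat XML response with the DOM API instead of string concatenation. The function names, the `<chat>`/`<message>` layout and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration, not FCMS code. All names and the XML layout are hypothetical.
// Constructed sample values standing in for stored user input.
$subject = 'Reunion <b>plans</b> & "dates"';
$message = 'Tom & Ann </message> <3';

// Stored XSS mitigation: encode for the HTML context at output time.
function render_subject(string $subject): string
{
    return '<h2>' . htmlspecialchars($subject, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h2>';
}

// Weak form: concatenation lets markup characters in $message alter the XML structure.
function chat_xml_concat(string $user, string $message): string
{
    return "<chat><message user=\"$user\">$message</message></chat>";
}

// Hardened form: the DOM API escapes text nodes and attribute values.
function chat_xml_dom(string $user, string $message): string
{
    $doc  = new DOMDocument('1.0', 'UTF-8');
    $chat = $doc->createElement('chat');
    $node = $doc->createElement('message');
    $node->setAttribute('user', $user);
    $node->appendChild($doc->createTextNode($message));
    $chat->appendChild($node);
    $doc->appendChild($chat);
    return $doc->saveXML();
}

// Round-trip check: parse the response and return the first message's text,
// or null when the document is not well-formed.
function first_message_text(string $xml): ?string
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    if (!$doc->loadXML($xml)) {
        return null;
    }
    $nodes = $doc->getElementsByTagName('message');
    return $nodes->length > 0 ? $nodes->item(0)->textContent : null;
}

echo render_subject($subject), "\n";
var_dump(first_message_text(chat_xml_concat('alice', $message)));
var_dump(first_message_text(chat_xml_dom('alice', $message)) === $message);
```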
