DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities

DoceboLMS suffers from multiple stored XSS vulnerabilities, both pre- and post-authentication. Input passed through the POST parameters ‘name’, ‘code’ and ‘title’ in index.php is not sanitized, allowing an attacker to execute HTML code in a user’s browser session on the affected site. URI-based XSS vulnerabilities are also present.

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5006.php
