CPAINT 1.3/2.0.2 - 'TYPE.php' Cross-Site Scripting
| EKU-ID: 32470 | CVE: CVE-2006-0650;OSVDB-22979;BID: 16559;GTSA-00089 | OSVDB-ID: |
| Author: GulfTech Security | Published: 2006-02-08 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 32470 | CVE: CVE-2006-0650;OSVDB-22979;BID: 16559;GTSA-00089 | OSVDB-ID: |
| Author: GulfTech Security | Published: 2006-02-08 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/16559/info CPAINT is prone to a cross-site scripting vulnerability. This issue affects the 'type.php' script and may facilitate the theft of cookie-based authentication credentials as well as other attacks. CPAINT 2.0.2 and prior versions are affected. http://www.example.com/examples/type/type.php?cpaint_response_type=%3Ciframe%20src=http://www.gulftech.org/%3E