FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Pligg CMS -- XSS Vulnerability

Affected packages
pligg <= 2.0.2,1

Details

VuXML ID c290f093-c89e-11e6-821e-68f7288bdf41
Discovery 2015-05-13
Entry 2016-12-22

Netsparker reports:

Proof of Concept URL for XSS in Pligg CMS:

Page: groups.php

Parameter Name: keyword

Parameter Type: GET

Attack Pattern: http://example.com/pligg-cms-2.0.2/groups.php?view=search&keyword='+alert(0x000D82)+'

For more information on cross-site scripting vulnerabilities, read the article Cross-site Scripting (XSS).

References

URL https://www.netsparker.com/web-applications-advisories/ns-15-011-xss-vulnerability-identified-in-pligg-cms/