Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6

Posted by Steffen Rösemann on Jan 12

Advisory: Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6
Advisory ID: SROEADV-2014-07
Author: Steffen Rösemann
Affected Software: CMS PHPKit WCMS v. 1.6.6 [Build: 1660014]
Vendor URL: http://www.phpkit.com/de/
Vendor Status: did not respond to issue
CVE-ID: –

==========================
Vulnerability Description:
==========================

The poll archive in the administrative backend of CMS PHPKit WCMS v. 1.6.6
is prone to…
