Posted by Peter Lapp on Jan 13

Details
=======

Product: EasyDNNnews
Vulnerability: Reflected XSS
Author: Peter Lapp, lappsec () gmail com
CVE: None
Vulnerable Versions: <7.5
Fixed Version: 7.5

Summary
=======

module that enables non-technical users to publish and manage articles,
news, press releases, stories and editorials.”

During an engagement it was discovered that reflected XSS could be achieved
in two locations by appending a bogus GET parameter that…