Posted by Steffen Rösemann on Jan 18

Advisory: Reflecting XSS vulnerability in CMS Websitebaker v.2.8.3 SP3
Advisory ID: SROEADV-2015-03
Author: Steffen Rösemann
Affected Software: CMS Websitebaker v.2.8.3 SP3
Vendor URL: http://www.websitebaker.org/de/home.php
Vendor Status: Vendor did not respond
CVE-ID: CVE-2015-0553

Tested with:

– Firefox 34
– Mac OS X 10.10

==========================
Vulnerability Description:
==========================

In the administrative backend of the…