Description
Some vulnerabilities have been reported in Acidcat CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
Certain input appended to the URL after admin/admin_colors.asp, admin/admin_config.asp, and admin/admin_cat_add.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Successful exploitation requires that the victim uses a browser that does not URL-encode the request (e.g. Internet Explorer 6).
The vulnerabilities are confirmed in version 3.5.6. Other versions may also be affected.
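For defenders reviewing web server logs, the following added example (not part of the advisory and not Acidcat CMS code) flags requests where markup characters follow one of the three affected script names, separating unencoded requests (the case described above) from URL-encoded ones. The tab-separated log layout, the `/acidcat/` prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Script paths named in the advisory.
AFFECTED = ("admin/admin_colors.asp", "admin/admin_config.asp", "admin/admin_cat_add.asp")
# Characters that open or break out of HTML when echoed without encoding.
MARKUP = re.compile(r'[<>"]')

def trailing_input(uri):
    """Return the text that follows an affected script name, or None."""
    lowered = uri.lower()
    for path in AFFECTED:
        idx = lowered.find(path)
        if idx != -1:
            return uri[idx + len(path):]
    return None

def classify(uri):
    """None: not an affected path. 'raw': unencoded markup after the script
    name. 'encoded': markup visible only after URL-decoding. 'clean': neither."""
    tail = trailing_input(uri)
    if tail is None:
        return None
    if MARKUP.search(tail):
        return "raw"
    if MARKUP.search(unquote(tail)):
        return "encoded"
    return "clean"

def scan(lines):
    """Return (client, uri, verdict) for requests worth reviewing.
    Assumed line layout: client<TAB>method<TAB>request-uri<TAB>status."""
    hits = []
    for line in lines:
        client, _method, uri, _status = line.rstrip("\n").split("\t")
        verdict = classify(uri)
        if verdict in ("raw", "encoded"):
            hits.append((client, uri, verdict))
    return hits

# Constructed sample lines (not real traffic); the markup is an inert marker.
SAMPLE_LOG = [
    "203.0.113.5\tGET\t/acidcat/admin/admin_colors.asp\t200",
    "203.0.113.5\tGET\t/acidcat/admin/admin_config.asp/\"><i>x</i>\t200",
    "203.0.113.9\tGET\t/acidcat/admin/admin_cat_add.asp/%22%3E%3Ci%3Ex\t200",
    "203.0.113.9\tGET\t/acidcat/default.asp?<i>\t200",
]
```

A "raw" verdict matters most here, because the advisory states that exploitation depends on the browser not URL-encoding the request; "encoded" hits are still worth reviewing as probing.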