31 May, 2011

Kentico CMS <=5.5R2.23 Cross-Site Scripting POST Injection Vulnerability

Kentico CMS suffers from an XSS vulnerability when parsing user input passed to the 'userContextMenu_parameter' parameter via the POST method in '/examples/webparts/membership/users-viewer.aspx'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
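
A defender-side check for the request described above, as an added example that is not part of the original advisory or of Kentico's code: it flags POST requests to the affected page whose 'userContextMenu_parameter' value contains HTML markup characters, and returns the HTML-encoded form of the value. The sample requests are constructed; the function name `inspect_post` and the chosen character set are assumptions.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Path and parameter named in the advisory.
AFFECTED_PATH = "/examples/webparts/membership/users-viewer.aspx"
AFFECTED_PARAM = "usercontextmenu_parameter"  # compared in lower case

# Assumption: characters that let a value leave an HTML text or
# quoted-attribute context are what a reviewer wants flagged.
MARKUP_CHARS = set("<>\"'")


def inspect_post(method, url, body):
    """Return findings for one request; an empty list means nothing matched."""
    if method.upper() != "POST":
        return []
    # IIS/ASP.NET treats paths and form field names case-insensitively.
    if urlsplit(url).path.lower() != AFFECTED_PATH:
        return []
    findings = []
    # parse_qs percent-decodes, so encoded markup is checked in decoded form.
    for name, values in parse_qs(body, keep_blank_values=True).items():
        if name.lower() != AFFECTED_PARAM:
            continue
        for value in values:
            chars = sorted(MARKUP_CHARS.intersection(value))
            if chars:
                findings.append({
                    "value": value,
                    "chars": chars,
                    # What the page should emit instead of the raw value.
                    "encoded": html.escape(value, quote=True),
                })
    return findings


# Constructed sample requests: (method, URL, urlencoded body).
SAMPLE_REQUESTS = [
    ("POST", "/examples/webparts/membership/users-viewer.aspx",
     "userContextMenu_parameter=42"),
    ("POST", "/Examples/WebParts/Membership/Users-Viewer.aspx",
     "userContextMenu_parameter=%3Cb%3Etest%3C%2Fb%3E"),
    ("GET", "/examples/webparts/membership/users-viewer.aspx", ""),
]

if __name__ == "__main__":
    for method, url, body in SAMPLE_REQUESTS:
        print(method, url, inspect_post(method, url, body))
```
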


1 comment:

varun said...

Thanks a lot for sharing the post on Kentico....

Really a nice and good detailed explanation..

For more information about Kentico, check Kentico CMS.