Hi, I would like to report a Cross Site Scripting vulnerability in the latest release.
Description:
A cross-site scripting (XSS) vulnerability in the uploadify Flash file might allow remote attackers to inject arbitrary web script or HTML via multiple parameters.
Steps To Reproduce:
- Open the URL below in a browser that supports Flash.
http://[URL]GetSimpleCMS-3.3.13/admin/template/js/uploadify/uploadify.swf?movieName="])}catche(e){alert("xss")}//
Fix:
Update the uploadify version.
Release Info:
3.3.13
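
An added detection example, not part of the original report or of GetSimpleCMS code: it scans web-server access log lines for requests to `uploadify.swf` whose query parameters carry characters outside a conservative allow-list. The combined log format, the allow-list, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: benign parameter values passed to the SWF are plain identifiers.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_.\-]*$")
# Minimal matcher for the request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/template/js/'
    'uploadify/uploadify.swf?movieName=SWFUpload_0 HTTP/1.1" 200 1024',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /admin/template/js/'
    'uploadify/uploadify.swf?movieName=%22%5D%29%7Dx%28%29 HTTP/1.1" 200 1024',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /admin/index.php?x=%22 '
    'HTTP/1.1" 200 512',
]


def suspicious_params(target):
    """Return [(name, decoded_value)] for query parameters of an uploadify.swf
    request whose value falls outside the allow-list; [] for other paths."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/uploadify.swf"):
        return []
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return [(k, v) for k, v in pairs if not SAFE_VALUE.match(v)]


def scan(lines):
    """Return [(line_number, client_ip, findings)] for flagged log lines."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a parsable request line
        findings = suspicious_params(match.group(1))
        if findings:
            hits.append((number, line.split(" ", 1)[0], findings))
    return hits


if __name__ == "__main__":
    for number, ip, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {ip} sent unexpected SWF parameters: {findings}")
```
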