Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is incorrect.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
webmaster solutions wmscms 2.0 |
Vulmon