# Ariko-Security: Security Audits, Audyt bezpieczenstwa
# Advisory: 698/2010

============ { Ariko-Security - Advisory #2/6/2010 } =============

XSS vulnerability in TMJCMS

Vendor's Description of Software:
# http://tmjcss.com

Dork:
# Powered by TMJCMS

Application Info:
# Name: TMJCMS
# ALL versions

Vulnerability Info:
# Type: XSS

Fix:
# N/A

Time Table:
# 21/06/2010 - Vendor notified.

Input passed to the "cat" parameter in page.asp is not properly sanitised before being returned to the user.

Solution:
# Input validation of type parameter should be corrected.
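
One way to apply this fix to the "cat" parameter named in the description, written in Classic ASP (VBScript) because the affected file is page.asp. This is an added example, not TMJCMS source code and not part of the original advisory. The SafeCategory helper, the allowed character set, the 64-character limit and the surrounding markup are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Hypothetical helper (not TMJCMS code): allow-list validation for "cat".
' Returns the value unchanged when it is 1-64 characters of letters,
' digits, space, underscore or hyphen; returns "" for anything else.
Function SafeCategory(raw)
    Dim re
    SafeCategory = ""
    If Len(raw) = 0 Or Len(raw) > 64 Then Exit Function
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9 _-]+$"
    If re.Test(raw) Then SafeCategory = raw
End Function

Dim rawCat, cat
' Appending "" turns a missing parameter into an empty string.
rawCat = Trim(Request.QueryString("cat") & "")
cat = SafeCategory(rawCat)

' A value was supplied but failed validation: refuse it instead of
' reflecting it back into the page.
If rawCat <> "" And cat = "" Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid category."
    Response.End
End If
%>
<!-- Encode for the output context even after validation. -->
<h1><%= Server.HTMLEncode(cat) %></h1>
<a href="page.asp?cat=<%= Server.URLEncode(cat) %>">Link to this category</a>
```

Validation limits what the parameter may contain, while Server.HTMLEncode and Server.URLEncode ensure that whatever is written is treated as text in HTML and URL contexts respectively.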

Vulnerability:

# http://[site]/page.asp?cs=&cat=[xss]&catid=

Credit:
# Discovered by: Maciej Gojny / Ariko-Security 2010