Release date:
Updated on:
Affected Systems:
CouponPHP 1.0
Description:
--------------------------------------------------------------------------------
CouponPHP is a content management system for discount coupons and transaction websites.
CouponPHP CMS 1.0 does not properly filter input to /admin/ajax/comments_paginate.php or the "sEcho" GET parameter value of /admin/ajax/stores_paginate.php. As a result, multiple cross-site scripting vulnerabilities exist in the implementation, and attackers can execute arbitrary HTML and script code in users' browser sessions.
<* Source: Gjoko Krstic (liquidworm@gmail.com)
Link: http://secunia.com/advisories/57177/
http://www.exploit-db.com/exploits/32037/
*>
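
A log check for the issue described above, as an added example that is not part of the original advisory or of CouponPHP: it flags requests to the two affected endpoints whose "sEcho" value is not a plain integer. It assumes a combined-format access log and that legitimate clients send sEcho as a small integer draw counter (as DataTables-style pagination does); the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints and parameter named in the advisory.
AFFECTED_PATHS = {
    "/admin/ajax/comments_paginate.php",
    "/admin/ajax/stores_paginate.php",
}
PARAM = "sEcho"

# Assumption: Apache/nginx combined log format; only the request line is parsed.
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_secho(log_line):
    """Return the decoded sEcho values in log_line that are not plain integers."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if url.path not in AFFECTED_PATHS:
        return []
    # parse_qs percent-decodes values; keep blanks so "sEcho=" is also reported.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not re.fullmatch(r"\d{1,10}", v)]

def scan(lines):
    """Yield (line_number, values) for each log line with a non-numeric sEcho."""
    for n, line in enumerate(lines, 1):
        bad = suspicious_secho(line)
        if bad:
            yield n, bad

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/ajax/stores_paginate.php?sEcho=3&iDisplayStart=0 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /admin/ajax/comments_paginate.php?sEcho=1%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 498',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?sEcho=%3Cb%3E HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for n, values in scan(SAMPLE_LOG):
        print(f"line {n}: non-numeric {PARAM} value(s): {values}")
```

Hits on an unpatched 1.0 install identify admin sessions that may have rendered injected markup and should be reviewed.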
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
CouponPHP
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.couponphp.com
http://couponphp.com/changelog