https://www.exploit-db.com/exploits/26068
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200508-071

Web内容管理新闻系统中存在跨站脚本(XSS)漏洞。这使得远程攻击者可以借助于(1)strRootpath参数向validsession.php中或(2)strTable参数向Admin/News/List.php中注入任意的Web脚本或HTML。

source: http://www.securityfocus.com/bid/14464/info
 
Web content management is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
 
An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

http://www.example.com/Admin/News/List.php?strTable=<script>alert(document.cookie)</script><!--

来源:MISC
链接:http://www.rgod.altervista.org/webc.html
来源:SECTRACK
名称:1014616
链接:http://securitytracker.com/id?1014616
来源:SECUNIA
名称:16317
链接:http://secunia.com/advisories/16317
来源:XF
名称:webcms-multiple-script-xss(21689)
链接:http://xforce.iss.net/xforce/xfdb/21689
来源:BID
名称:14464
链接:http://www.securityfocus.com/bid/14464