[MajorSecurity SA-076]Conpresso CMS v4.1.1 - Cross site Scripting vulnerabilities
Product: Conpresso CMS v4.1.1
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.conpresso.com/
Advisory-Status: published
Discovered by: David Vieira-Kurz of MajorSecurity
http://www.majorsecurity.net/conpresso_cms_xss.php
Conpresso CMS v4.1
Prior versions may also be vulnerable
"Conpresso CMS v4.1 is a web based content management system."
The vendor released a patch which fixes the issues. Download version 4.1.2 to make sure your conpresso cms
installation is secured. We would like to thank Thomas Walter of the Conpresso CMS development team for the
professional communication.
2010-06-10 - vendor was contacted
2010-06-13 - vendor confirmed the issues
2010-06-18 - vendor released a patch ( 4.1.2 )
2010-07-13 - advisory responsible disclosed