Description
Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Roozbeh Afrasiabi · textwebappsphp
https://www.exploit-db.com/exploits/27360
References (6)
Core 6
Core References
Exploit, Vendor Advisory x_refsource_misc
http://www.kapda.ir/advisory-280.html
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16970
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18997
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23823
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/474
Exploit, Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/426829
Scores
EPSS
0.0825
EPSS Percentile
92.2%
Details
Status
published
Products (6)
runcms/runcms
1.1
runcms/runcms
1.1a
runcms/runcms
1.2
runcms/runcms
1.3a
runcms/runcms
1.3a2
runcms/runcms
1.3a5
Published
Mar 14, 2006
Tracked Since
Feb 18, 2026