|| Security Net Advisory #D.13.9.06.a

Title  : eMU CMS v0.2.1 XSS injection
Impact : Cross Site Scripting
Type   : Remote
Vendor : 
  - Url   : http://www.emusoft.org

|| Vulnerability

Input passed to the "query" and "page" parameter in index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session.

|| Solution:

Edit the source code to ensure that input is properly filtered.

|| Contact

Author : Ivan Markovic
Site   : www.security-net.biz