source: https://www.securityfocus.com/bid/54049/info
SquizCMS is prone tomultiple cross-site scripting vulnerabilities and an XML external entity injection vulnerability because it fails toproperly sanitize user-supplied input.
Attackers may exploit these issues toexecute arbitrary code in the context of the affected browser, potentially allowing the attacker tosteal cookie-based authentication credentials,toperformXML based attacks (including local file disclosure),TCP port scans, and a denial of service (DoS) condition; other attacks are also possible.
SquizCMS4.6.3 is vulnerable; other versions may also be affected.
http://www.example.com/_admin/?SQ_BACKEND_PAGE=main&backend_section=am&am_section=edit_asset"><script>alert(document.cookie)</script>&assetid=73&sq_asset_path=%2C1%2C73&sq_link_path=%2C0%2C74&asset_ei_screen=details [XSS]
