| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 6 May 2006 12:54:16 -0000 From: zerogue@...il.com To: bugtraq@...urityfocus.com Subject: ChipmunkBlogger improper input sanitizing ChipmunkBlogger improper input sanitizing Discovered by: Nomenumbra Date: 6/4/2006 impact:moderate (privilege escalation,possible defacement) Posts (potentially made by lower-privilege members) and profile names aren't properly sanitized, thus resulting in being vulnerable to the following kind of XSS injection: <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> The photo gallery input isn't sanitized either, by giving the following input as an url we have a nice XSS attack: javascript:alert(%27xss%27) Nomenumbra/[0x4F4C]
Powered by blists - more mailing lists