Date: 25 Jul 2006 20:16:34 -0000
From: tamriel@....net
To: bugtraq@...urityfocus.com
Subject: TP-Book <= 1.00 Cross Site Scripting Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory: TP-Book <= 1.00 Cross Site Scripting Vulnerabilities
Release Date: 2006/07/25
Last Modified: 2006/07/25
Author: Tamriel [tamriel at gmx dot net]
Application: TP-Book <= 1.00
Risk: Low
Vendor Status: not contacted
Vendor Site: tobias.kloy.googlepages.com

Overview:

Quote from tobias.kloy.googlepages.com:
"The guestbook has the following features:
- Customizable templates
- Many systems to keep out persistent spammers
- Admin control panel
- Easy installation via a wizard"

Details:

In your guestbook posts, the name will not be checked by the script.
Attackers can thus perform cross-site scripting attacks.

Solution:

Take a look at PHP's htmlentities function.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3

iD8DBQFExnkWqBhP+Twks7oRAo+tAJ9xQfU3nR2GdQFpihUfYvZMRcjeOACeM5u8
9pRIeeb4mDLWby9rlVGfMsU=
=sTzT
-----END PGP SIGNATURE-----
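
The htmlentities fix the advisory points to, shown beside the unencoded pattern it describes. This is an added example, not part of the original advisory and not TP-Book's code; the function names, the entry fields and the sample submission are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical guestbook renderer: TP-Book's own code is not shown in the
// advisory, so every function and field name here is an assumption.

// Vulnerable pattern: the visitor-supplied name reaches the page unencoded.
function render_entry_unsafe(array $entry): string
{
    return '<p><strong>' . $entry['name'] . '</strong>: ' . $entry['message'] . '</p>';
}

// Encode a value for HTML text and quoted-attribute contexts.
function h(string $value): string
{
    // ENT_QUOTES covers " and '; ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of returning an empty string.
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: every visitor-controlled field is encoded at output time.
function render_entry_safe(array $entry): string
{
    $name = h(trim($entry['name']));
    // Encode first, then add <br> tags, so the tags nl2br() inserts survive.
    $message = nl2br(h($entry['message']));
    return '<p><strong title="Posted by ' . $name . '">' . $name . '</strong>: '
         . $message . '</p>';
}

// Constructed sample submission, not taken from the advisory.
$entry = [
    'name'    => '"><script>alert(1)</script>',
    'message' => "Nice site!\nGreetings from \"Bob\" & friends",
];

foreach (['unsafe' => 'render_entry_unsafe', 'safe' => 'render_entry_safe'] as $label => $fn) {
    $html = $fn($entry);
    // A literal <script tag in the output means the name was emitted as markup.
    $live = stripos($html, '<script') !== false ? 'yes' : 'no';
    echo $label, ': live script tag = ', $live, PHP_EOL, $html, PHP_EOL, PHP_EOL;
}
```

Encoding belongs at output time and on every visitor-controlled field, since entries already stored without encoding would otherwise still render as markup.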