lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 24 Sep 2013 15:44:53 GMT
From: mario@...lest.com
To: bugtraq@...urityfocus.com
Subject: CVE-2013-5118 - XSS Good for Enterprise iOS

Hello,

Last month I identified a XSS vulnerability in the Good for Enterprise iOS application.

The vulnerable versions are v2.2.2.1611 and earlier
 
Proof of Concept:
HTML Email including the following payload will execute Javascript statements when the victim open the email using the vulnerable version.
 
Payload:
<body>
<div>
<script>alert('XSS Here')</script>
</div>
</body>
 
Remediation:
I worked with the Good people to close the issue, I provided some guidance and feedback and agreed with them to not disclose it until they fix it.

The new release is now available:
Update the "Good for Enterprise" iOS application to 2.2.4.1659 or newer
 
References:
https://www.roblest.com/#research:CVE-2013-5118 

Can the comunity please provide feedback and comments in order to ensure the fix is working well

Many thanks

Mario

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ