Date: Mon, 12 May 2014 22:51:36 +0100
From: Pedro Ribeiro <pedrib@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] [CVE-2014-1603] XSS in GetSimple CMS 3.3.1

Hi,

Found some persistent and reflected cross site scripting in the Admin
console of GetSimple CMS 3.3.1 and below.

Waited 6 months for a fix but the developer stopped answering my
emails, so decided to release this anyway.

Details attached if you care - also available at
https://raw.githubusercontent.com/pedrib/PoC/master/getsimplecms-3.3.1.txt.

Regards,
Pedro Ribeiro
Agile Information Security
View attachment "getsimplecms-3.3.1.txt" of type "text/plain" (1268 bytes)
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/