lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070302050601.9087.qmail@securityfocus.com> Date: 2 Mar 2007 05:06:01 -0000 From: meto5757@...mail.com To: bugtraq@...urityfocus.com Subject: vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln. vBulletin® v3.6.5 has an xss vuln in admincp/index.php in rss feed . exactlly in add rss url by adding : "><script>alert(document.cookie);</script> a cool messege box appear with cookies ;) earlier versions affected also . ----------------------------------------------------------------------------- Discovered by meto5757 -----------------------------------------------------------------------------