| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201011171841.oAHIfBDp015516@www5.securityfocus.com> Date: Wed, 17 Nov 2010 11:41:11 -0700 From: bt@...ln.com To: bugtraq@...urityfocus.com Subject: [eVuln.com] URL and Title XSS in AxsLinks New eVuln Advisory: URL and Title XSS in AxsLinks http://evuln.com/vulns/139/summary.html -----------Summary----------- eVuln ID: EV0139 Software: AxsLinks Vendor: AXScripts Version: 0.3 Critical Level: medium Type: Cross Site Scripting Status: Unpatched. No reply from developer(s) PoC: Not available Not available Solution: Available Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ ) --------Description-------- User-defined parameters "url" and "title" (script "addlink.php") are not properly sanitized. XSS is possibl. --------PoC/Exploit-------- Will be available soon at http://evuln.com/vulns/139/exploit.html ---------Solution---------- Available at http://evuln.com/vulns/139/solution.html ----------Credit----------- Vulnerability discovered by Aliaksandr Hartsuyeu http://evuln.com/tool/php-security.html - PHP sources Online Analyzer
Powered by blists - more mailing lists