Message-ID: <20101124144738.3834.qmail@securityfocus.com>
Date: 24 Nov 2010 14:47:38 -0000
From: bt@...ln.com
To: bugtraq@...urityfocus.com
Subject: [eVuln.com] email XSS in SimpLISTic

New eVuln Advisory: email XSS in SimpLISTic

Summary: http://evuln.com/vulns/145/summary.html
Details: http://evuln.com/vulns/145/description.html

-----------Summary-----------
eVuln ID: EV0145
Software: SimpLISTic
Vendor: Mrcgiguy
Version: 2.0
Critical Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )

--------Description--------
An XSS vulnerability was found in the email.cgi script.
The 'email' parameter is not properly sanitized.
The 'email' parameter passes through a similar filter but not an XSS filter.
Any user may add an email containing special code.
The "List addresses" page in the Admin panel is vulnerable.

--------PoC/Exploit--------
PoC code is available at: http://evuln.com/vulns/145/exploit.html

---------Solution----------
Available at http://evuln.com/vulns/145/solution.html

----------Credit-----------
Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/xss/ - recent xss vulns.
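The pattern the advisory describes is an address field that is checked for shape but never encoded before it is rendered in the admin listing. The following is an added illustration, not code from SimpLISTic or from eVuln, showing why a loose format check is not an XSS filter and how a strict allow-list plus output escaping closes the gap; the sample submissions, filter names and row renderer are constructed for this example.

```python
import html
import re

# Constructed sample submissions (hypothetical, not taken from the advisory).
SUBMISSIONS = [
    "alice@example.com",
    'bob"<b>bold</b>@example.com',   # looks like an address, carries markup
]

def loose_filter(value: str) -> bool:
    """Shape check of the kind the advisory describes: accepts anything that
    roughly resembles an address and does nothing about HTML characters."""
    return "@" in value and "." in value.split("@")[-1]

# Strict allow-list: local part and domain labels limited to safe characters,
# so quotes and angle brackets never reach storage in the first place.
_STRICT = re.compile(r"^[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")

def strict_filter(value: str) -> bool:
    return len(value) <= 254 and _STRICT.fullmatch(value) is not None

def render_row(address: str) -> str:
    """Output encoding for a 'List addresses' style page: escape on output
    regardless of what input validation did (defence in depth)."""
    return "<tr><td>%s</td></tr>" % html.escape(address, quote=True)

def accepted(filter_fn, submissions=SUBMISSIONS):
    """Return the submissions a given filter would let into the list."""
    return [s for s in submissions if filter_fn(s)]

if __name__ == "__main__":
    print("loose filter accepts :", accepted(loose_filter))
    print("strict filter accepts:", accepted(strict_filter))
    for s in SUBMISSIONS:
        print(render_row(s))
```

Even with the strict filter in place, keep the escaping in render_row: validation rules change over time, and the output encoder is what protects the admin page.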