| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <42995B62.30201@suckea.com> Date: Sat May 28 04:57:32 2005 From: nah at suckea.com (Nah) Subject: XSS Bug in Jaws Glossary Action: ViewTerm ( v 0.4 - 0.5.1 (latest version)) XSS Bug in Jaws Glossary( v 0.4 - 0.5.1 (latest version)) STATUS: The vendor has been contacted, fixed in cvs. Jaws is a Framework and Content Management System for building dynamic web sites. It aims to be User Friendly giving ease of use and lots of ways to customize web sites, but at the same time is Developer Friendly, it offers a simple and powerful framework to hack your own modules. TECHNICAL INFO ================================================================ The Glossary gadget doesn't filter dangerous characters in the argument view or ViewTerm ( according to the version) allowing the instertion of items from "<script>alert(document.cookie)</script> to more complex situations. Example: v0.5.x: http://url.com/index.php?gadget=Glossary&action=ViewTerm&term=<script src=some script</script> v 0.4: http://url.com/index.php?gadget=Glossary&action=view&term=<script src=some script></script> An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. VULNERABLE VERSIONS --------------------------------------------------------------- 0.4-0.5.1(Latest version) --------------------------------------------------------------- Contact information :Paulino Calderon :nah@...kea.com :http://nah.suckea.com/
Powered by blists - more mailing lists