Message-Id: <20130109213523.57fe3419c89cda66c14b77972f81dbfd.a43b3f33ae.wbe@email06.secureserver.net>
Date: Thu, 10 Jan 2013 05:00:00 -0700
From: "SBV Research" <research@...verbackventuresllc.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: OrangeHRM 2.7.1 Vacancy Name Persistent XSS

OrangeHRM[1] 2.7.1[2] -- the latest stable release as of this writing -- suffers from a persistent XSS in the vacancy name variable.

Steps:

1. Navigate to the following URL: http://[domain]/symfony/web/index.php/recruitment/viewJobVacancy
2. Add or edit a Vacancy
3. In the Vacancy Name parameter, put the XSS script
4. Save
5. Navigate back to the top Vacancy page (click the back button)
6. Witness XSS

Screenshots of the above exploit steps may be found on my website (for those who want additional validation):
http://securitymaverick.com/?p=408

I contacted OrangeHRM[3] but did not receive a reply.

Thanks,
Ken

PS - Currently on twitter: https://twitter.com/infosecmaverick

----------------
[1] http://sourceforge.net/projects/orangehrm/
[2] http://sourceforge.net/projects/orangehrm/files/stable/2.7.1/
[3] http://www.orangehrm.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/