| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Dec 2014 10:39:44 +0800 From: Jing Wang <justqdjing@...il.com> To: fulldisclosure@...lists.org Subject: [FD] CVE-2014-8752 JCE-Tech "Video Niche Script" XSS (Cross-Site Scripting) Security Vulnerability *CVE-2014-8752 JCE-Tech "Video Niche Script" XSS (Cross-Site Scripting) Security Vulnerability* Exploit Title: JCE-Tech "Video Niche Script" /view.php Multiple Parameters XSS Product: "Video Niche Script" Vendor: JCE-Tech Vulnerable Versions: 4.0 Tested Version: 4.0 Advisory Publication: Nov 18, 2014 Latest Update: Nov 18, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-8752 Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore] *Advisory Details:* *(1) Vendor URL:* http://jce-tech.com/products/ *Product Description:* "The PHP Video Script instantly creates a niche video site based on keywords users control via the admin console. The videos are displayed on users' site, but streamed from the YouTube servers." *(2) Vulnerability Details.* JCE-Tech "Video Niche Script" is vulnerable to XSS attacks. *(2.1)* The vulnerability occurs at "view.php" page with "video", "title" parameters. *References:* http://tetraph.com/security/cves/cve-2014-8752-jce-tech-video-niche-script-xss-cross-site-scripting-security-vulnerability/ https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8752 _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists