lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <060201d2baa0$8cada690$a608f3b0$@httpcs.com> Date: Fri, 21 Apr 2017 15:09:44 +0200 From: "HTTPCS" <contact@...pcs.com> To: <fulldisclosure@...lists.org> Subject: [FD] OXATIS 'EMail' Cross Site Scripting Vulnerability Dear Sir or Madam, A vulnerability has been discovered in OXATIS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'EMail' parameter to '/PBSubscribe.asp' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. HTTPCS Advisory : HTTPCS159 Product : OXATIS Version : 2017 Page : /PBSubscribe.asp Variables : newsradio=1&EMail=[VulnHTTPCS] Type : XSS Method : GET Description : A vulnerability has been discovered in OXATIS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'EMail' parameter to '/PBSubscribe.asp' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. References : <https://www.httpcs.com/advisory/httpcs159> https://www.httpcs.com/advisory/httpcs159 Credit : HTTPCS [Web Vulnerability Scanner] ------------------------------------------------------ *For your security no information will be communicated before the update. ------------------------------------------------------ Cordialement, Support Client HTTPCS Support Technique : +33.805.693.333 Support Commercial : +33.805.693.333 Fax : +33.4.11.93.45.04 Email: <mailto:contact@...pcs.com> contact@...pcs.com Du lundi au vendredi : 9h - 19h <https://mandrillapp.com/track/open.php?u=30841549&id=a659e4dcc20947548e0e76e4ad409c55> _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists