Jappix Cross Site Scripting

2014.08.29
Credit: Provensec
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Affected software: https://jappix.org/ # Discovered by: Provensec # Website: http://www.provensec.com # Type of vulnerability: XSS Stored # Description: Jappix is a new, smart and powerful social platform. We think each of us should own his own data, that’s why we’ve made Jappix decentralized. Jappix is one of the smartest free social network. You can install it on your own server if you have one or join one of the existings. All of the Jappix servers are connected together through XMPP protocol. Therefore, you can use a jappix account with other software, as Gajim, Psi, iChat or Movim. # Proof of concept: Create new account and fill the nickname and other field with "><script>alert(document.cookie);</script> and then goto https://me.jappix.com/usnername@jappix.com/contact


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top