Pebble 2.0.0 RC[1,2] XSS vulnerability

2006.10.10
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


Ogólna skala CVSS: 4.3/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Częściowy
Wpływ na dostępność: Brak

Software: Pebble Version: 2.0.0 RC1 - 2.0.0 RC2 Author: Simon Brown Homepage: http://pebble.sourceforge.net Abstract Pebble is a blogging system built upon java and XML. There is no database to store the data into but just XML is used instead. Description Vulnerability: XSS vulnerability in "search" functionality. Query string wasn't parsed for HTML and while printing it out for "Search with google" link, the XSS can be done. Workaround Disable "Search with google" link in the user result page or, better, update to the latest version in subversion. History Author contacted: 20 september Author replyed: 20 september Patch published in Subversion archive: 27 september Disclaimer: This advisory intended to be informational. No responsibility is taken for its misuse.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top