SimpleGroupware 0.742 Cross Site Scripting

2012.02.08
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Advisory: SimpleGroupware 0.742 Cross-Site-Scripting vulnerability Advisory ID: INFOSERVE-ADV2012-01 Author: Stefan Schurtz Contact: security@infoserve.de Affected Software: Successfully tested on SimpleGroupware 0.742 Vendor URL: http://www.simple-groupware.de/ Vendor Status: fixed (see Changelog) ========================== Vulnerability Description ========================== SimpleGroupware 0.742 'export' parameter XSS vulnerability ================== PoC-Exploit ================== http://[target]/SimpleGroupware_0.742/bin/index.php?export=<ScRiPt >alert('xss')</ScRiPt> ========= Solution ========= Upgrade to the latest Version 0.743 ==================== Disclosure Timeline ==================== 01-Feb-2012 - informed vendor 02-Feb-2012 - fixed by vendor ======== Credits ======== Vulnerabilitiy found and advisory written by the INFOSERVE security team. =========== References =========== http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2012-01.txt

References:

http://www.simple-groupware.de/
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2012-01.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top