BugTraq
[eVuln.com] email XSS in SimpLISTic Nov 24 2010 02:47PM
bt evuln com
New eVuln Advisory:

email XSS in SimpLISTic

Summary: http://evuln.com/vulns/145/summary.html

Details: http://evuln.com/vulns/145/description.html

-----------Summary-----------

eVuln ID: EV0145

Software: SimpLISTic

Vendor: Mrcgiguy

Version: 2.0

Critical Level: low

Type: Cross Site Scripting

Status: Unpatched. No reply from developer(s)

PoC: Available

Solution: Available

Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )

--------Description--------

XSS vulnerability found in email.cgi script. 'email' parameter is not properly sanitized.

'email' parameter pass through similar filter but not XSS filter.

Any user may add email containing special code.

"List addresses" page in Admin panel is vulnerable.

--------PoC/Exploit--------

PoC code is available at:

http://evuln.com/vulns/145/exploit.html

---------Solution----------

Available at http://evuln.com/vulns/145/solution.html

----------Credit-----------

Vulnerability discovered by Aliaksandr Hartsuyeu

http://evuln.com/xss/ - recent xss vulns.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus