[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[eVuln.com] email XSS in SimpLISTic
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [eVuln.com] email XSS in SimpLISTic
- From: bt@xxxxxxxxx
- Date: 24 Nov 2010 14:47:38 -0000
New eVuln Advisory:
email XSS in SimpLISTic
Summary: http://evuln.com/vulns/145/summary.html
Details: http://evuln.com/vulns/145/description.html
-----------Summary-----------
eVuln ID: EV0145
Software: SimpLISTic
Vendor: Mrcgiguy
Version: 2.0
Critical Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )
--------Description--------
XSS vulnerability found in email.cgi script. 'email' parameter is not properly
sanitized.
'email' parameter pass through similar filter but not XSS filter.
Any user may add email containing special code.
"List addresses" page in Admin panel is vulnerable.
--------PoC/Exploit--------
PoC code is available at:
http://evuln.com/vulns/145/exploit.html
---------Solution----------
Available at http://evuln.com/vulns/145/solution.html
----------Credit-----------
Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/xss/ - recent xss vulns.