Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS
- To: MustLive <mustlive@xxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS
- From: Henri Salo <henri@xxxxxxx>
- Date: Sat, 2 Mar 2013 19:17:34 +0200
On Fri, Mar 01, 2013 at 11:50:00PM +0200, MustLive wrote:
> I'm resending my letter from February 23, 2013 (since FD was not working
> that day).
>
> After my previous list of vulnerable software with ZeroClipboard.swf, here
> is a list of software with ZeroClipboard10.swf. These are Cross-Site
> Scripting vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django
> and aCMS.
>
> Earlier I wrote about Cross-Site Scripting vulnerabilities in
> ZeroClipboard (http://seclists.org/fulldisclosure/2013/Feb/103). I wrote
> that this is a very widespread flash file and it's placed on tens of thousands
> of web sites. And it's used in hundreds of web applications. Among them are
> em-shorty, RepRapCalculator, Fulcrum (CMS), Django and aCMS. And there are
> many other vulnerable web applications with ZeroClipboard10.swf (some of
> them also contain ZeroClipboard.swf).
So did you report this vulnerability to those projects? Even to security@ or a
similar address? I noticed this vulnerability in WordPress plugins. Did you
report those? Did you ask for CVE identifiers?
--
Henri Salo
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/