Bugtraq mailing list archives
[eVuln.com] URL and Title XSS in AxsLinks
From: bt () evuln com
Date: Wed, 17 Nov 2010 11:41:11 -0700
New eVuln Advisory: URL and Title XSS in AxsLinks http://evuln.com/vulns/139/summary.html -----------Summary----------- eVuln ID: EV0139 Software: AxsLinks Vendor: AXScripts Version: 0.3 Critical Level: medium Type: Cross Site Scripting Status: Unpatched. No reply from developer(s) PoC: Not available Not available Solution: Available Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ ) --------Description-------- User-defined parameters "url" and "title" (script "addlink.php") are not properly sanitized. XSS is possibl. --------PoC/Exploit-------- Will be available soon at http://evuln.com/vulns/139/exploit.html ---------Solution---------- Available at http://evuln.com/vulns/139/solution.html ----------Credit----------- Vulnerability discovered by Aliaksandr Hartsuyeu http://evuln.com/tool/php-security.html - PHP sources Online Analyzer
Current thread:
- [eVuln.com] URL and Title XSS in AxsLinks bt (Nov 19)