Bugtraq mailing list archives
SimpleGroupware 0.742 Cross-Site-Scripting vulnerability
From: security () infoserve de
Date: Mon, 6 Feb 2012 21:19:59 GMT
Advisory: SimpleGroupware 0.742 Cross-Site-Scripting vulnerability Advisory ID: INFOSERVE-ADV2012-01 Author: Stefan Schurtz Contact: security () infoserve de Affected Software: Successfully tested on SimpleGroupware 0.742 Vendor URL: http://www.simple-groupware.de/ Vendor Status: fixed (see Changelog) ========================== Vulnerability Description ========================== SimpleGroupware 0.742 'export' parameter XSS vulnerability ================== PoC-Exploit ================== http://[target]/SimpleGroupware_0.742/bin/index.php?export=<ScRiPt >alert('xss')</ScRiPt> ========= Solution ========= Upgrade to the latest Version 0.743 ==================== Disclosure Timeline ==================== 01-Feb-2012 - informed vendor 02-Feb-2012 - fixed by vendor ======== Credits ======== Vulnerabilitiy found and advisory written by the INFOSERVE security team. =========== References =========== http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2012-01.txt
Current thread:
- SimpleGroupware 0.742 Cross-Site-Scripting vulnerability security (Feb 07)