oss-sec mailing list archives
CVE request: XSS on Monkey HTTPD - dirlisting plugin
From: Felipe Pena <felipensp () gmail com>
Date: Fri, 14 Jun 2013 14:21:34 -0300
A vulnerability was found in the Monkey HTTP - dirlisting plugin, which does not filter file names before printing on HTML page, hence vulnerable to XSS attack.

PoC
----
$ touch "' onmouseover='alert(1);"

Report
------
http://bugs.monkey-project.com/ticket/185

CREDITS
-------
Felipe Pena

--
Regards,
Felipe Pena
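The missing filtering step the report describes, as an added example that is not part of the original message and is not Monkey's code: file names are HTML-escaped, single quote included, before being written into a listing row. The function names and the row markup are assumptions made for illustration; a real listing would also percent-encode the href path.

```c
#include <stdio.h>
#include <string.h>

/* Append src to dst (capacity cap, current length *len); -1 if it will not fit. */
static int put(char *dst, size_t cap, size_t *len, const char *src)
{
    size_t n = strlen(src);
    if (*len + n + 1 > cap) return -1;
    memcpy(dst + *len, src, n + 1);
    *len += n;
    return 0;
}

/* HTML-escape name for element text or a quoted attribute value. */
int html_escape(const char *name, char *out, size_t cap)
{
    size_t len = 0;
    if (cap == 0) return -1;
    out[0] = '\0';
    for (; *name; name++) {
        char one[2] = { *name, '\0' };
        const char *rep = one;
        switch (*name) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;  /* the quote the PoC relies on */
        }
        if (put(out, cap, &len, rep) < 0) return -1;
    }
    return (int)len;
}

/* Hypothetical listing row: assumed markup, not Monkey's actual template. */
int render_row(const char *name, char *out, size_t cap)
{
    char esc[1024];
    if (html_escape(name, esc, sizeof(esc)) < 0) return -1;  /* reject, never truncate */
    int n = snprintf(out, cap, "<a href='%s'>%s</a>", esc, esc);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

int main(void)
{
    char row[4096];
    /* File name taken from the PoC in the report above. */
    if (render_row("' onmouseover='alert(1);", row, sizeof(row)) > 0)
        puts(row);
    return 0;
}
```

Returning an error on overflow instead of truncating matters here: a cut-off entity such as `&#3` would leave the output malformed.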