Login| Registreer
Onthoud mij?

Likes

Likes: 0

Resultaten 1 tot 1 van de 1

Onderwerp Gereedschap
Toon
- Lineaire Modus
- Schakel over naar Hybride Modus
- Schakel over naar Onderwerp Modus

Geen

Onderwerp: Alkacon OpenCms tree_files.jsp resource XSS

#1

nnposter@disclosed.not 25/02/08 18:25

Gast
n/a Berichten
Berichten zijn liked

Thread Starter

Alkacon OpenCms tree_files.jsp resource XSS

Alkacon OpenCms tree_files.jsp resource XSS

Product: Alkacon OpenCms
http://www.opencms.org/

OpenCms contains a cross-site scripting vulnerability in the file tree navigation function. An invalid value supplied to parameter resource in page opencms/system/workplace/views/explorer/tree_files.jsp is not sanitized before it gets embedded in the HTML output as part of a JavaScript comment.

Example:
http://(target)/opencms/opencms/syst....cookie);+/*+/

The vulnerability has been identified in version 7.0.3. However, other versions may be also affected.

Solution:
Users should not browse untrusted sites while logged into OpenCms.

Found by:
nnposter

Quote

Snelle Navigatie Bugtraq mailing lijst Top

« Vorig Onderwerp | Volgend Onderwerp »

Webhostingtalk.nl

Link met ons

Partners

Contact

Rokin 113-115
1012 KP, Amsterdam
Nederland
Contact

© Copyright 2001-2021 Webhostingtalk.nl.

Alle tijden zijn GMT +2.
Het is nu 03:14.