Jappix Cross Site Scripting

2014-08-28T00:00:00
ID PACKETSTORM:128036
Type packetstorm
Reporter Provensec
Modified 2014-08-28T00:00:00

Description

                                        
                                            `# Affected software: https://jappix.org/  
# Discovered by: Provensec  
# Website: http://www.provensec.com  
# Type of vulnerability: XSS Stored  
  
# Description: Jappix is a new, smart and powerful social platform. We  
think each of us should own his own data, that’s why we’ve made Jappix  
decentralized. Jappix is one of the smartest free social network. You can  
install it on your own server if you have one or join one of the existings.  
All of the Jappix servers are connected together through XMPP protocol.  
Therefore, you can use a jappix account with other software, as Gajim, Psi,  
iChat or Movim.  
  
# Proof of concept:  
Create new account and fill the nickname and other field with  
"><script>alert(document.cookie);</script> and then goto  
https://me.jappix.com/usnername@jappix.com/contact  
  
`