Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2006-01-26T00:00:00


                                            `New eVuln Advisory:  
ExpressionEngine 'Referer' XSS Vulnerability  
Software: ExpressionEngine  
Sowtware's Web Site:  
Versions: 1.4.1  
Critical Level: Moderate  
Type: Cross-Site Scripting  
Class: Remote  
Status: Unpatched  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (  
eVuln ID: EV0048  
Vulnerable script: core.input.php  
Variable $_SERVER['HTTP_REFERER'] isn't properly sanitized. This can be used to post HTTP query with fake Referer value which may contain arbitrary html or script code. This code will be executed when administrator(or any user) will open Referrers Statistics.  
Administrator's session is threatened.  
Available at:  
GET /path/index.php HTTP/1.0  
Host: host  
Referer: http://<XSS>.com/;  
No Patch available.  
Discovered by: Aliaksandr Hartsuyeu (