Vulners
Lucene search
owl-xss.txt
🗓️ 29 Jul 2008 00:00:00Reported by Fabian FingerleType 
packetstorm🔗 packetstormsecurity.com👁 33 Views
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | CVE-2008-3100 | 28 Jul 200800:00 | – | circl |
 | CVE-2008-3100 | 29 Jul 200818:00 | – | cve |
 | CVE-2008-3100 | 29 Jul 200818:00 | – | cvelist |
 | EUVD-2008-3090 | 7 Oct 202500:30 | – | euvd |
 | CVE-2008-3100 | 29 Jul 200818:41 | – | nvd |
 | Cross site scripting | 29 Jul 200818:41 | – | prion |
 | Cross Site Scripting (XSS) in Owl <=0.95, CVE-2008-3100 | 29 Jul 200800:00 | – | securityvulns |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 29 Jul 200800:00 | – | securityvulns |
 | Owl Intranet Engine register.php跨站脚本执行漏洞 | 30 Jul 200800:00 | – | seebug |
 | CVE-2008-3100 | 29 Jul 200818:41 | – | ubuntucve |
10
`Cross Site Scripting (XSS) in Owl <=0.95, CVE-2008-3100
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3100
http://owl.sourceforge.net/
http://www.datensalat.eu/~fabian/cve/CVE-2008-3100-Owl.html
Description:
Owl is a multi user document repository (knowledgebase) system for
publishing files/documents onto the web. The application is vulnerable
to simple Cross Site Scripting, which can be used for several isues
Example:
Assuming Owl is installed on http://localhost/Owl/, one can inject
JavaScript with:
http://localhost/Owl/register.php?myaction=getpasswd&username="><script>alert(1);</script>
Workaround/Fix:
Replace your owl.lib.php with the version from
http://owl.cvs.sourceforge.net/*checkout*/owl/owl-0.90/lib/owl.lib.php
Disclosure Timeline:
2008-07-27 Vendor contacted
2008-07-28 Vendor: fixed issue in cvs / no need for new stable release
2008-07-28 Advisory published
CVE Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-3100 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
Credits and copyright:
This vulnerability was discovered by Fabian Fingerle (published with
help from Hanno Boeck (http://www.hboeck.de)). It's licensed under the
creative commons attribution license 3.0.
Fabian Fingerle, 2008-07-28, http://www.fabian-fingerle.de
--
_GPG_ 3D17 CAC8 1955 1908 65ED 5C51 FDA3 6A09 AB41 AB85
_chaos events near stuttgart_ www.datensalat.eu
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
29 Jul 2008 00:00Current
6.6Medium risk
Vulners AI Score6.6
EPSS0.09254