Vulners
Lucene search
SimpLISTic 2.0 Cross Site Scripting
🗓️ 24 Nov 2010 00:00:00Reported by Aliaksandr HartsuyeuType 
packetstorm🔗 packetstormsecurity.com👁 16 Views
`New eVuln Advisory:
email XSS in SimpLISTic
Summary: http://evuln.com/vulns/145/summary.html
Details: http://evuln.com/vulns/145/description.html
-----------Summary-----------
eVuln ID: EV0145
Software: SimpLISTic
Vendor: Mrcgiguy
Version: 2.0
Critical Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )
--------Description--------
XSS vulnerability found in email.cgi script. 'email' parameter is not properly sanitized.
'email' parameter pass through similar filter but not XSS filter.
Any user may add email containing special code.
"List addresses" page in Admin panel is vulnerable.
--------PoC/Exploit--------
Example of XSS
email XSS PoC code for SimpLISTic is available.
XSS
Email: [email protected]</textarea><script>alert('XSS vulnerability')</script>
---------Solution----------
Available at http://evuln.com/vulns/145/solution.html
----------Credit-----------
Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/xss/ - recent xss vulns.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Nov 2010 00:00Current