Eventum 2.3.1 Stored Cross Site Scripting

2011-02-20T00:00:00
ID PACKETSTORM:98620
Type packetstorm
Reporter Saif El-Sherei
Modified 2011-02-20T00:00:00

Description

                                        
                                            `# Exploit Title: Eventum 2.3.1 stored XSS  
# Date: 19-2-2011  
# Author: Saif El-Sherei  
# Software Link: [download link if available]  
# Version: Eventum 2.3.1  
# Tested on: FF 3.0.15, IE 8  
# Vendor notification: vendor notified, awaiting response  
  
Info:  
  
Eventum is a user-friendly and flexible issue tracking system that can be  
used by a support department to track incoming technical support requests,  
or by a software development team to quickly organize tasks and bugs.  
  
Details:  
  
The "Full-Name" variable is not properly sanitized before displayed in any  
page. where an authorized user can perform this attack on other users who  
has access to the system, by changing his own "full-name" in the preferences  
section.  
  
POC:  
  
<script>alert('w00t');</script>  
  
Regards,  
  
Saif El-Sherei  
OSCP  
`