SEC Consult SA-20150409-0 :: Multiple XSS & XSRF vulnerabilities in Comalatech Comala Workflows

SEC Consult Vulnerability Lab Security Advisory 20150409-0 ======================================================================= title: Multiple XSS & XSRF vulnerabilities product: Comalatech Comala Workflows vulnerable version: = 4.6.1 fixed version: 4.6.2 for Confluence 5.4+ and 4.5.4 for...

Multiple Cross-Site Scripting Vulnerabilities in Comala Workflows saveproperties.action

Comala Workflows is a WEB-based application. Multiple cross-site scripting vulnerabilities exist in the Comala Workflows saveproperties.action script, which can be exploited by a remote attacker to construct a malicious URI and trick a user into parsing it, which can be used to obtain a sensitive...

Comala Workflows /plugins/approvalsworkflow/saveworkflowmarkup.action Cross-Site Request Forgery Vulnerability

Comala Workflows is a WEB-based application. A cross-site request forgery vulnerability exists in Comala Workflows /plugins/approvalsworkflow/saveworkflowmarkup.action, which allows remote attackers to construct malicious URIs, trick users into parsing them, and execute malicious actions in the...

Comala Workflows newtask.action taskName has multiple reflected cross-site scripting vulnerabilities

Comala Workflows is a WEB-based application. Comala Workflows newtask.action script handles A cross-site scripting vulnerability exists in taskName, which can be exploited by a remote attacker to construct a malicious URI and trick the user into parsing it, which can be used to obtain a sensitive...

Comala Workflows /plugins/approvalsworkflow/saveworkflowmarkup.action has multiple reflected cross-site scripting vulnerabilities

Comala Workflows is a WEB-based application. Comala Workflows /plugins/approvalsworkflow/saveworkflowmarkup.action script processing attachment-macro has a cross-site scripting vulnerability that can be exploited by a remote attacker to construct a malicious URI and trick the user into parsing it...

Comalatech Comala Workflows 4.6.1 CSRF / XSS Vulnerabilities

Comalatech Comala Workflows versions 4.6.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities. title: Multiple XSS & XSRF vulnerabilities product: Comalatech Comala Workflows vulnerable version: = 4.6.1 fixed version: 4.6.2 for Confluence 5.4+ and 4.5.4 for...

Comalatech Comala Workflows 4.6.1 CSRF / XSS

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple XSS & XSRF vulnerabilities product: Comalatech Comala Workflows vulnerable version: = 4.6.1 fixed version: 4.6.2 for Confluence 5.4+ and 4.5.4 for Confluence 4.3...