2 matches found
CVE-2013-6880
CVE-2013-6880 is an open redirect vulnerability in FlashCanvas’s proxy.php (versions prior to 1.6) that can redirect users to arbitrary sites and enable XSS via the Referer header. Affected: FlashCanvas 1.5 and possibly older; fix: upgrade to FlashCanvas 1.6 or later. The issue status is active i...
FlashCanvas 1.5 proxy.php XSS Vulnerability
Advisory Information Title: FlashCanvas proxy.php XSS Vulnerability Date published: 11 December 2013 Reference: CVE-2013-6880 Advisory Summary Script does not adequately verify the Referer header before requesting via curl the remote URL specified in the ‘url’ GET parameter and rendering it. Vend...