EUVD-2011-1720

Malware in sbrugna...

Moneybird: Stored XSS on add project

The researcher found a way to store a snippet that was served to him and or other users of his administration. Subsequently the snippet was executed by his browser, making it a viable XSS vulnerability...

CVE-2011-1721

Cross-site request forgery CSRF vulnerability in php/partieadministrateur/administration.php in WebJaxe 1.02 allows remote attackers to hijack the authentication of administrators for requests that 1 modify passwords or 2 add new projects. NOTE: some of these details are obtained from third party...