2 matches found
XSS in /secure/admin/TempoServicesAccess.jspa
allowedIPAccresses is passed unfiltered into the results page. Contents of the field persist through the "missing XSRF token" screen, so exploitation is trivial - just get your victim to click on the link without a token. noformat...
XSS in /secure/admin/TempoServicesAccess.jspa
allowedIPAccresses is passed unfiltered into the results page. Contents of the field persist through the "missing XSRF token" screen, so exploitation is trivial - just get your victim to click on the link without a token. noformat...