3 matches found
OTRS <= 2.0.x XSS/XSRF
--------------------------------------------------------------------------------- | . | | / /||/ | | | Y / | | / / | | / | || | /| | | | // | | / |||| || |/ // | | / / | | Security without illusions | | www.virtuax.be | | |...
Advisory4-20022007.txt
--------------------------------------------------------------------------------- | . | | \ \ / /||/ | | | \ Y / | \ \ \ | \ \ \ / / | | \ / | || | /| | | | // \ | | / |||| || |/ //\ \ | | / / | | Security without illusions | | www.virtuax.be | | |...
Wordpress <= v2.1.0
If you're logged in into wordpress as an admin, your comments aren't properly sanitized, thus allowing an XSS to be posted. This can be exploited using XSRF techniques. More info & PoC: http://www.virtuax.be/advisories/Advisory4-20022007.txt...