[eVuln.com] email XSS in SimpLISTic

2010-11-24T00:00:00
ID SECURITYVULNS:DOC:25165
Type securityvulns
Reporter Securityvulns
Modified 2010-11-24T00:00:00

Description

New eVuln Advisory: email XSS in SimpLISTic
Summary: http://evuln.com/vulns/145/summary.html
Details: http://evuln.com/vulns/145/description.html

-----------Summary-----------
eVuln ID: EV0145
Software: SimpLISTic
Vendor: Mrcgiguy
Version: 2.0
Critical Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )

--------Description--------
XSS vulnerability found in the email.cgi script. The 'email' parameter is not properly sanitized: it passes through a similar filter but not an XSS filter. Any user may add an email address containing special code. The "List addresses" page in the Admin panel is vulnerable.

--------PoC/Exploit--------
PoC code is available at: http://evuln.com/vulns/145/exploit.html

---------Solution----------
Available at http://evuln.com/vulns/145/solution.html

----------Credit-----------
Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/xss/ - recent xss vulns.
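The defect the advisory describes is a stored XSS: a value that satisfies an address-format check is saved and later written into the admin "List addresses" page as raw HTML. The following Python is an added illustration, not code from SimpLISTic or from eVuln; it assumes (as a stand-in for the "similar filter" the advisory mentions) a loose check that only looks for one '@' and a dotted domain, and contrasts it with an allow-list check plus HTML escaping on output. The sample addresses are constructed.

```python
import html
import re

# Constructed sample submissions. The last two carry markup characters of the
# kind the advisory refers to as "special code"; they are not real addresses.
SAMPLE_SUBMISSIONS = [
    "alice@example.com",
    "bob.smith+list@example.org",
    "<b>bold</b>@example.com",
    'x"y@example.com',
]


def loose_email_check(value: str) -> bool:
    """Assumed stand-in for a format filter that is not an XSS filter:
    accepts anything with exactly one '@' and a dot in the domain part."""
    if value.count("@") != 1:
        return False
    local, domain = value.split("@")
    return bool(local) and "." in domain


# Allow-list of characters that can appear in an ordinary address; angle
# brackets, quotes, spaces and slashes are never part of it.
STRICT_EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def strict_email_check(value: str) -> bool:
    """Allow-list validation on input: only the characters above may appear."""
    return STRICT_EMAIL.fullmatch(value) is not None


def render_address_row(address: str) -> str:
    """Build one row of a 'List addresses' page. Escaping on output means a
    stored value is displayed as text instead of being parsed as markup,
    regardless of what the input-side filter let through."""
    return "<li>%s</li>" % html.escape(address, quote=True)


def triage(submissions):
    """For each submission report what each filter decides and how the
    address renders once escaped; returns a list of dicts."""
    results = []
    for s in submissions:
        results.append({
            "input": s,
            "loose_accepts": loose_email_check(s),
            "strict_accepts": strict_email_check(s),
            "rendered": render_address_row(s),
        })
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE_SUBMISSIONS):
        print(row)
```

The two controls are independent: the allow-list check keeps markup out of the stored data, and output escaping keeps the admin page safe even for records that were stored before the check existed.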