Date: Sun, 1 Oct 2017 09:25:07 +0200
Subject: Stored XSS vulnerability in BlogoText <= 3.7.5


I've discovered a security issue in BlogoText <= 3.7.5.

A Stored XSS vulnerability via comment allows an unauthenticated
attacker to inject JavaScript. If it is triggered as administrator, an
attacker can, for example, change global settings or create/delete posts.
It is also possible to execute JavaScript against unauthenticated users
of the blog.


The issue is fixed in BlogoText 3.7.6.

I've requested a CVE ID (MITRE).


GPG: 3DE9 9187 4BE9 EAE6 3CA8  DC20 BA7B 93F9 9037 AE7E
