|
Message-ID: <20130611111031.3c0e1826@devil> Date: Tue, 11 Jun 2013 11:10:31 +0200 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Subject: CVE request: resin: Cross site scripting From the secunia advisory SA53749 [1]: Description Gjoko Krstic has discovered a vulnerability in Caucho Resin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input appended to the URL after /resin-admin/ is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 4.0.36. Other versions may also be affected. Solution No official solution is currently available. Provided and/or discovered by Gjoko Krstic (LiquidWorm) Original Advisory ZSL-2013-5143: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5143.php [1]: https://secunia.com/advisories/53749/ The original advisory contains a poc.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.