Jaws Glossary version 0.4 through 0.5.1 suffer from cross site scripting flaws.
e991bfb30f2a1a7245f48d2e163c87e0ac4bb872253d33e7407bbdf4b33c4c0bXSS Bug in Jaws Glossary( v 0.4 - 0.5.1 (latest version))
STATUS: The vendor has been contacted, fixed in cvs.
Jaws is a Framework and Content Management System for building dynamic
web sites. It aims to be User Friendly
giving ease of use and lots of ways to customize web sites, but at the
same time is Developer Friendly,
it offers a simple and powerful framework to hack your own modules.
TECHNICAL INFO
================================================================
The Glossary gadget doesn't filter dangerous characters in the argument
view or ViewTerm ( according to the version)
allowing the instertion of items from
"<script>alert(document.cookie)</script> to more complex situations.
Example:
v0.5.x:
https://url.com/index.php?gadget=Glossary&action=ViewTerm&term=<script
src=some script</script>
v 0.4:
https://url.com/index.php?gadget=Glossary&action=view&term=<script
src=some script></script>
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user.
This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.
VULNERABLE VERSIONS
---------------------------------------------------------------
0.4-0.5.1(Latest version)
---------------------------------------------------------------
Contact information
:Paulino Calderon
:nah@suckea.com
:https://nah.suckea.com/
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed