Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2012-0872

Publish Date: 22 Feb 2012

Source

                							

                
Our addition to yesterday YGn advisory:


# CVE-2012-0872

============ { Ariko-Security - Advisory #2/2/2012 } =============

OxWall Cross-site scripting (XSS)


Vendor's description of software and download:
# Oxwall Foundation http://www.oxwall.org/

Dork:
# N/a

Application Info:
#OxWall 1.1.1


Vulnerability Info:
# Type: XSS 

Time Table:
# 13/02/2012 - Vendor notified


XSS:
#Input passed to the "plugin" parameter in index.php is not properly sanitised before being returned to the user.

Solution:
# Input validation of vulnerable parameters should be corrected.

POC:

http://site/ow_updates/?plugin=%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%28982087%29%3C%2fScRiPt%3E

advisory:
http://advisories.ariko-security.com/2012/audyt_bezpieczenstwa_2m2.html

Credit:
# Discoverd By: Ariko-Security 2012

Ariko-Security
Rynek Glowny 12
32-600 Oswiecim
tel:. +48 33 4741511 mobile: +48 784086818
(Mo-Fr 10.00-20.00 CET)

Ariko-Security Sp. z o.o. z siedzib± w O¶wiêcimiu , zarejestrowana przez S±d Rejonowy dla m. Krakowa-¦ródmie¶cia, XII Wydzia³ Gospodarczy Krajowego Rejestru S±dowego, KRS: 00000358273, NIP: 549-239-90-67, REGON 121262172








<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Oxwall 1.1.1 Cross Site Scripting

Vulmon Search

About

Products

Connect