Project Open Cross Site Scripting

Posted on 03 February 2012

# # Vulnerability Title: Project Open ]po[ - "account-closed.tcl" Reflective Cross Site Scripting # Author: Michail Poultsakis # Date of Vendor and CERT Contact: 2011.12.08 # Publication Date: 2012.02.02 # Product Link: http://www.project-open.com # Affected Product Version: 3.4.x # # # # Project Open ]po[ version 3.4.x suffers from a reflective Cross Site Scripting Vulnerability. # The vulnerability resides within the "message" parameter in the "account-closed.tcl" script. # # http://[HOST]/register/account-closed?message=[arbitrary-JavaScript] # # An attacker, by crafting a malicious URL of his choosing, may force arbitrary JavaScript to be executed on the victim's browser. # # --- Vulnerability detected on product version 3.4. Previous product versions might also be affected. --- #

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Online Tours And Travels Management System 1.0 SQL Injection
osCommerce 4 Cross Site Scripting
ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path
Doctor Appointment Management System 1.0 Cross Site Scripting
Kemp LoadMaster Unauthenticated Command Injection

Last 20