Jappix Cross Site Scripting

Posted on 29 August 2014

# Affected software: https://jappix.org/ # Discovered by: Provensec # Website: http://www.provensec.com # Type of vulnerability: XSS Stored # Description: Jappix is a new, smart and powerful social platform. We think each of us should own his own data, that’s why we’ve made Jappix decentralized. Jappix is one of the smartest free social network. You can install it on your own server if you have one or join one of the existings. All of the Jappix servers are connected together through XMPP protocol. Therefore, you can use a jappix account with other software, as Gajim, Psi, iChat or Movim. # Proof of concept: Create new account and fill the nickname and other field with "><script>alert(document.cookie);</script> and then goto https://me.jappix.com/usnername@jappix.com/contact

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Relate Cross Site Scripting
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Insecure Direct Object Reference

Last 20