Eventum 2.3.1 stored XSS
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| Eventum | Status tracked in Trunk | |||||
| Trunk |
Fix Released
|
High
|
Elan Ruusamäe | |||
Bug Description
# Exploit Title: Eventum 2.3.1 stored XSS
# Date: 19-2-2011
# Author: Saif El-Sherei
# Software Link: [download link if available]
# Version: Eventum 2.3.1
# Tested on: FF 3.0.15, IE 8
Info:
Eventum is a user-friendly and flexible issue tracking system that can be used by a support department to track incoming technical support requests, or by a software development team to quickly organize tasks and bugs.
Details:
The "Full-Name" variable is not properly santized before displayed in any page. where an authorized user can perform this attack on other users who has access to the system, by changing his own "full-name" in the prefrences section.
POC:
<script>
contact:
please contact me @ my email "<email address hidden>" for confirmation.
Regards,
Saif El-Sherei
OSCP
Related branches
| Elan Ruusamäe (glen666) wrote | #1 |
| Changed in eventum: | |
| assignee: | nobody → Elan Ruusamäe (glen666) |
| importance: | Undecided → High |
| status: | New → Fix Committed |
| visibility: | private → public |
fixes applied in r4340
http://