|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 3702 CVE : CVE-2008-1045 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : nnposter Published : 27.02.2008
Advisory Text : Alkacon OpenCms tree_files.jsp resource XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the file tree navigation function. An invalid value supplied to parameter resource in page opencms/system/workplace/views/explorer/tree_files.jsp is not sanitized before it gets embedded in the HTML output as part of a JavaScript comment. Example: http://(target)/opencms/opencms/system/workplace/views/explorer/tree_fil es.jsp?resource=+*/+alert(document.cookie);+/*+/ The vulnerability has been identified in version 7.0.3. However, other versions may be also affected. Solution: Users should not browse untrusted sites while logged into OpenCms. Found by: nnposter  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |