holisticinfosec.org - HIO-2008-1022-4 SignMe 1.5 XSS

Home
Blog
toolsmith (ISSA)
Research
Events
Publications
In The News
News
Best Practices
Links
How To
Standards
Simplicity
Philosophy
Security News Feeds
Search
Contact

"What I hear, I forget. What I see, I remember. What I do, I understand. - Kung Fu Tzu (Confucius)"

RSS

HIO-2008-1022-4 SignMe 1.5 XSS

Planetluc's SignMe 1.5 and earlier contain a flaw that allows remote cross site scripting.
Cross-site scripting exists because the application does not validate the "hash" variable upon GET submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

BID: 32068

CVE-2008-4891

OSVDB: 49489

SA: 32506

XF: 46199

Vendor Solution:Upgrade to version 1.55

< Prev		Next >

[ Back ]