HIO-2008-1022-4 SignMe 1.5 XSS

Planetluc's SignMe 1.5 and earlier contain a flaw that allows remote cross-site scripting (XSS).
The flaw exists because the application does not validate the "hash" variable submitted via GET. This could allow an attacker to create a specially crafted URL that, when opened by a user, executes arbitrary script code in that user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
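
The following PHP example is added here and is not SignMe's code: it shows the two controls whose absence the advisory describes, allow-list validation of the "hash" GET parameter and HTML encoding at output. The function names, the page markup and the 32-hex-character format of "hash" are assumptions.

```php
<?php
// Added illustration, not SignMe source code. Function names, markup and the
// 32-hex-character format of "hash" are assumptions made for this example.

/** Return the "hash" GET value if it matches the allow-list, else null. */
function get_validated_hash(array $query): ?string
{
    $raw = $query['hash'] ?? null;
    // Reject arrays (?hash[]=x) and anything that is not exactly 32 hex chars.
    if (!is_string($raw) || preg_match('/\A[0-9a-f]{32}\z/i', $raw) !== 1) {
        return null;
    }
    return strtolower($raw);
}

/** Encode a value for an HTML text node or a quoted attribute value. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hypothetical page fragment that reflects the parameter. */
function render_fragment(array $query): string
{
    $hash = get_validated_hash($query);
    if ($hash === null) {
        // Never echo the rejected input back into the response.
        return '<p>Invalid or missing link.</p>';
    }
    // Validation constrains the value; encoding is still applied at output so
    // the page stays safe if the validation rule is ever loosened.
    return '<p>Reference: <code>' . h($hash) . '</code></p>'
         . '<input type="hidden" name="hash" value="' . h($hash) . '">';
}

// Constructed sample inputs: well-formed, markup-bearing, array, and absent.
$samples = [
    ['hash' => 'D41D8CD98F00B204E9800998ECF8427E'],
    ['hash' => '"><script>alert(1)</script>'],
    ['hash' => ['nested']],
    [],
];
foreach ($samples as $query) {
    echo render_fragment($query), PHP_EOL;
}
```

Only the first sample is reflected, lower-cased and encoded; the other three produce the fixed error fragment with none of the submitted input in it.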

References:

BID: 32068

CVE-2008-4891

OSVDB: 49489

SA: 32506

XF: 46199

Vendor Solution: Upgrade to version 1.55

 

 