Magnolia CMS versions 4.5.7 - 5.0.1 is vulnerable to cross-site scripting / XSS vulnerability due to insufficient sanitisation of user-supplied data in "username", "fullname" and "email" HTTP POST parameters passed to "magnoliaPublic/demo-project/members-area/registration.html" URL. Proof-of-Concept code and how-to fix guide are available on researcher's page: https://www.htbridge.com/advisory/HTB23163.
Saturday, August 17, 2013
Magnolia CMS cross-site scripting XSS vulnerability
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment