Re: [InterN0T] Achievo 1.3.4 - XSS Vulnerability
In regards to the previous researchers, I found out this vulnerability and another has already been disclosed.
http://www.securityfocus.com/bid/31326/info (ver 1.3.2)
http://secunia.com/advisories/31973/ (ver. 1.3.2)
However, I can confirm that the vulnerability below still exists in the newest version (1.3.4) of the platform as well:
If one would like the XSS to be triggered directly on the site the user enters, one can prepend > after ">.
Example: (thanks to Rohit Bansal for this information)
I'm sorry I didn't check other sites before submitting.
All of the best,