Manila <= 9.5 - XSS Vulnerabilities
--------------------------------------------------------
Software: Manila
Version: <= 9.5
Type: Cross Site Scripting Vulnerability
Date: Tue Apr 11 21:33:54 CEST 2006
Vendor: UserLand Software
Page: http://manila.userland.com/
Risk: Medium
credits:
----------------------------
d4igoro - d4igoro[at]gmail[dot]com
http://d4igoro.blogspot.com/
vulnerability:
----------------------------
http://[target]/discuss/msgReader$1?mode=[XSS]
http://[target]/newsItems/viewDepartment$[XSS]
solution:
----------------------------
There isn't a solution yet.
notes:
----------------------------
At the time of posting no known official patches are available for this vulnerability.
The vendor has been informed.
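detection (added example):
----------------------------
With no patch available, access logs can be reviewed for requests that reach the two URLs listed above with HTML markup characters in the mode parameter or after the $ sign. The Python script below is an added example, not part of the original advisory or of Manila; the combined log format, the sample log lines and all function names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

MARKUP = re.compile(r"[<>\"'`]")  # characters that can break out of HTML context
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # combined log format

def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded markup is also seen."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value

def suspicious(target):
    """Return which advisory vector a request target matches, or None."""
    parts = urlsplit(target)
    path = decode(parts.path)
    if path.startswith("/discuss/msgReader$"):
        modes = parse_qs(parts.query, keep_blank_values=True).get("mode", [])
        if any(MARKUP.search(decode(m)) for m in modes):
            return "msgReader mode parameter"
    if path.startswith("/newsItems/viewDepartment$"):
        if MARKUP.search(path.split("$", 1)[1]):
            return "viewDepartment suffix"
    return None

def scan(lines):
    """Return (line_number, vector) for each log line that matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        vector = suspicious(match.group(1)) if match else None
        if vector:
            hits.append((number, vector))
    return hits

# Constructed sample access-log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Apr/2006:21:40:01 +0200] "GET /discuss/msgReader$1?mode=day HTTP/1.1" 200 5120',
    '192.0.2.11 - - [11/Apr/2006:21:40:05 +0200] "GET /discuss/msgReader$1?mode=%3Cscript%3Ex%3C/script%3E HTTP/1.1" 200 5170',
    '192.0.2.11 - - [11/Apr/2006:21:40:09 +0200] "GET /newsItems/viewDepartment$%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 4410',
    '192.0.2.12 - - [11/Apr/2006:21:41:00 +0200] "GET /newsItems/viewDepartment$Sports HTTP/1.1" 200 4388',
]

if __name__ == "__main__":
    for number, vector in scan(SAMPLE_LOG):
        print(f"line {number}: possible XSS probe via {vector}")
```

The same character check can be used as a request filter in a reverse proxy in front of the site until the vendor ships a fix.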