Re: Oblog XSS valnerability

---

• From: dan.crowley@xxxxxxxxx
• Date: Sat, 24 Jan 2009 12:57:22 -0700

---

Can you be more specific? I tested this vulnerability on Oblog v4.5 with the following XSS string:

<script>alert("xss")</script>

Both the angle brackets and quotes were filtered, so I don't believe that this version is vulnerable to the problem you describe.

Can you tell us what version you tested?

---

• Prev by Date: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
• Next by Date: WB News v2.0.X Remote File include ..
• Previous by thread: Oblog XSS valnerability
• Next by thread: ZDI-09-009: EMC AutoStart Backbone Engine Trusted Pointer Code Execution Vulnerability
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2009-01