[CVE-2015-2289] Serendipity CMS – XSS Vulnerability in Version 2.0

Serendipity CMS – XSS Vulnerability in Version 2.0

Product Information:
Software: Serendipity CMS
Tested Version: 2.0, released 23.1.2015
Vulnerability Type: Cross-Site Scripting (CWE-79)
Download link: http://www.s9y.org/12.html

Description: Serendipity is aimed to make everything possible you ever wish for. It is technically up to par to other well-known weblog scripts like Moveable Type or WordPress. (copied

[CVE-2015-2082] UNIT4 Prosoft HRMS XSS Vulnerability

# Vulnerability type: Cross-site Scripting
# Vendor: http://www.unit4.com/
# Product: UNIT4 Prosoft HRMS
# Product site: http://www.unit4apac.com/products/prosofthrms
# Affected version: 8.14.230.47
# Fixed version: 8.14.330.43
# Credit: Jerold Hoong & Edric Teo

# PROOF OF CONCEPT
The login page of UNIT4’s Prosoft HRMS is vulnerable to cross-site scripting.

POST /Login.aspx?ReturnUrl=%2fCommon%2fBroadcastMessageDisplay.aspx%3fUrlReferrerCode%3d&UrlReferrerCode HTTP/1.1
Accept: text/html, application/xhtml+xml, */*

BEdita CMS – XSS and CSRF Vulnerability in Version 3.5.0

BEdita CMS – XSS & CSRF Vulnerability in Version 3.5.0

Product Information:
Software: BEdita CMS
Tested Version: 3.5.0, released 19.1.2015
Vulnerability Type: Cross-Site Scripting (CWE-79) & Cross-Site Request Forgery, CSRF (CWE-352)
Download link: http://www.bedita.com/download-bedita

Description: A software to create, manage content and organize it with semantic rules. (copied from http://www.bedita.com/what-is-bedita)

Issues:
1) XSS in newsletter

[CVE-2015-1583] ATutor LCMS – CSRF Vulnerability in Version 2.2

[CVE-2015-1583] ATutor LCMS – CSRF Vulnerability in Version 2.2

Product Information:
Software: ATutor LCMS
Tested Version: 2.2, released 25.8.2014
Vulnerability Type: Cross-Site Request Forgery, CSRF (CWE-352)
Download link: http://atutor.ca/atutor/download.php

Description: ATutor is an Open Source Web-based Learning Content Management System (LCMS) designed with accessibility and adaptability in mind. (copied from http://www.atutor.ca/credits.php#whatatutor)

Issues:
1) CSRF in
