BEdita CMS – XSS and CSRF Vulnerability in Version 3.5.0

Product Information:
Software: BEdita CMS
Tested Version: 3.5.0, released 19.1.2015
Vulnerability Type: Cross-Site Scripting (CWE-79) & Cross-Site Request Forgery, CSRF (CWE-352)
Download link: [http://www.bedita.com/download-bedita](http://www.bedita.com/download-bedita)
Description: A software to create, manage content and organize it with semantic rules. (copied from [http://www.bedita.com/what-is-bedita](http://www.bedita.com/what-is-bedita))

Issues:
1) XSS in newsletter


[CVE-2015-1583] ATutor LCMS – CSRF Vulnerability in Version 2.2

Product Information:
Software: ATutor LCMS
Tested Version: 2.2, released 25.8.2014
Vulnerability Type: Cross-Site Request Forgery, CSRF (CWE-352)
Download link: http://atutor.ca/atutor/download.php
Description: ATutor is an Open Source Web-based Learning Content Management System (LCMS) designed with accessibility and adaptability in mind. (copied from http://www.atutor.ca/credits.php#whatatutor)

Issues:
1) CSRF in
