OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[eVuln.com] email XSS in SimpLISTic

btevuln.com
Date: Wed Nov 24 2010 - 08:47:38 CST

New eVuln Advisory:
email XSS in SimpLISTic
Summary: http://evuln.com/vulns/145/summary.html
Details: http://evuln.com/vulns/145/description.html

-----------Summary-----------
eVuln ID: EV0145
Software: SimpLISTic
Vendor: Mrcgiguy
Version: 2.0
Critical Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )
--------Description--------
XSS vulnerability found in email.cgi script. 'email' parameter is not properly sanitized.
'email' parameter pass through similar filter but not XSS filter.
Any user may add email containing special code.
"List addresses" page in Admin panel is vulnerable.
--------PoC/Exploit--------
PoC code is available at:
http://evuln.com/vulns/145/exploit.html
---------Solution----------
Available at http://evuln.com/vulns/145/solution.html
----------Credit-----------
Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/xss/ - recent xss vulns.