Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 19 Dec 2015 08:47:01 +0000
From: CSW Research Lab <disclose@...ersecurityworks.com>
To: "cve-assign@...re.org" <cve-assign@...re.org>, 
	"oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Cross site vulnerability (XSS) in OcPortal CMS 9.0.20

Hi all

can you please assign CVE for this issue ?
http://ocportal.com/site/news/view/security_issues/security-patch-for-xss.htm?filter=1%2C2%2C3%2C29%2C30

Proof of Concept URL
***************************
[+] http://localhost/ocportal
/data/emoticons.php?field_name=post&keep_session=1
840048647&utheme=default&overlay=1/
[image: XSS on Data_emotions_browser.PNG]

Vulnerable Parameter(s):
******************************
[+]  Field_Name

Credits & Authors
--------------------
Arjun Basnet from Cyber Security Works Pvt. Ltd. (
http://cybersecurityworks.com)

[ CONTENT OF TYPE text/html SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ