Saturday, January 31, 2015

[FD] CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities

Exploit Title: SnipSnap /snipsnap-search? query Parameter XSS
Product: SnipSnap
Vulnerable Versions: 0.5.2a, 1.0b1, 1.0b2
Tested Version: 0.5.2a, 1.0b1, 1.0b2
Advisory Publication: Jan 30, 2015
Latest Update: Jan 30, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9559
Credit: Wang Jing [MAS, Nanyang Technological University (NTU), Singapore]

Advisory Details:

(1) Vendor & Product Description

Vendor: SnipSnap
Product & Version: SnipSnap 0.5.2a, 1.0b1, 1.0b2
Vendor URL & Download: http://snipsnap.org
Product Description: "SnipSnap is a user friendly content management system with features such as wiki and weblog."

(2) Vulnerability Details:

SnipSnap has a security problem. It can be exploited by XSS attacks.

(2.1) The vulnerability occurs at "snipsnap-search?" page with "query" parameter.
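For operators of an affected install, the following added example (not part of the advisory or of SnipSnap) triages web access logs for requests to the search page whose "query" value carries markup characters. The log lines are constructed samples, and the Common Log Format layout and the path suffix `/snipsnap-search` are assumptions based on the endpoint name given above.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Common Log Format); not from the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [30/Jan/2015:10:01:02 +0000] "GET /snipsnap-search?query=release+notes HTTP/1.1" 200 5120
198.51.100.9 - - [30/Jan/2015:10:02:10 +0000] "GET /snipsnap-search?query=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5300
198.51.100.9 - - [30/Jan/2015:10:02:44 +0000] "GET /snipsnap-search?query=%2522%253E%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5290
203.0.113.4 - - [30/Jan/2015:10:03:00 +0000] "GET /space/start?query=%3Cb%3E HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value leave text or attribute context.
# A double quote also matches ordinary phrase searches, so hits need review.
MARKUP_RE = re.compile(r'[<>"]')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded input is inspected too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_search_requests(log_text):
    """Return (client, decoded query) pairs for search requests carrying markup."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        # Assumed path suffix; adjust to where the install exposes the search page.
        if not url.path.endswith("/snipsnap-search"):
            continue
        # parse_qs performs the first round of decoding ('+' and %XX).
        for raw in parse_qs(url.query, keep_blank_values=True).get("query", []):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((client, value))
    return hits

if __name__ == "__main__":
    for client, value in suspicious_search_requests(SAMPLE_LOG):
        print(client, repr(value))
```

A hit only shows that markup was submitted to the search page; whether it was reflected unescaped depends on the installed version.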



Source: Gmail -> IFTTT -> Blogger