Reported to the right person, and they released an updated version that fixes the issue.
Get the updated version here
Steps to reproduce the bug:
Fill in the message/comment box. Each form is vulnerable to XSS.
The XSS payload is stored successfully. If the comment/message needs validation from an admin, we can use a direct payload to get the admin's cookies; this attack is known as Blind XSS.
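As an added illustration (not code from this post or from the affected software), the following Python sketch shows the defensive shape of the fix: comment text is stored as submitted and escaped at every render point, including the admin moderation view where a blind XSS payload would otherwise execute. The class names, the `SAMPLE_PAYLOAD` marker and the cookie helper are constructed for this example.

```python
import html
from dataclasses import dataclass, field

# Constructed sample: a harmless marker that would run if rendered raw.
SAMPLE_PAYLOAD = '<script>document.title="xss"</script>'


@dataclass
class Comment:
    author: str
    body: str
    approved: bool = False


@dataclass
class CommentStore:
    comments: list = field(default_factory=list)

    def submit(self, author: str, body: str) -> Comment:
        # Store the raw text; escaping happens on output, not on input,
        # so no encoding trick that slips past an input filter can
        # reach the moderator's browser unescaped.
        c = Comment(author=author, body=body)
        self.comments.append(c)
        return c


def esc(s: str) -> str:
    # quote=True also escapes " and ' so attribute contexts stay safe.
    return html.escape(s, quote=True)


def render_public(store: CommentStore) -> str:
    # Public page: approved comments only, every field escaped.
    return "".join(
        f"<li><b>{esc(c.author)}</b>: {esc(c.body)}</li>"
        for c in store.comments if c.approved
    )


def render_admin_queue(store: CommentStore) -> str:
    # Moderation view: this is where blind XSS fires if output is not
    # escaped, because the admin's browser renders unapproved content.
    return "".join(
        f"<tr><td>{esc(c.author)}</td><td>{esc(c.body)}</td></tr>"
        for c in store.comments if not c.approved
    )


def session_cookie(value: str) -> str:
    # HttpOnly keeps document.cookie from exposing the admin session
    # even if some other injection point is missed.
    return f"session={value}; HttpOnly; Secure; SameSite=Lax"
```

Run `render_admin_queue` on a store holding `SAMPLE_PAYLOAD` and the output contains `&lt;script&gt;` rather than a live tag.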
Date reported : 25/10/2012
Date fixed : 21/11/2012
Date published: 29/11/2012
Thanks,
@yappare