Webfolio <= 1.1.4 Multiple XSS

Posted on March 7, 2012

WebfolioCMS 1.1.4 (and lower) is prone to multiple XSS vulnerabilities in “webfolio/admin/users/edit/<used_id>” path – where <used_id> = 1….n – due to an improper input sanitization.

To download my Original Advisory:
Webfolio <= 1.1.4 Multiple XSS

Other publications:
http://packetstormsecurity.org/files/110524/Webfolio-CMS-1.1.4-Cross-Site-Scripting.html
http://1337day.com/exploits/17634
http://www.securityfocus.com/bid/52335
http://osvdb.org/show/osvdb/80218

M	T	W	T	F	S	S
« Feb				Apr »
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Ivano Binetti

Personal Blog

Daily Archives: March 7, 2012

Webfolio <= 1.1.4 Multiple XSS