Eventum

Eventum 2.3.1 stored XSS

  1. Series trunk
  2. Bug #721785
Bug #721785 reported by Saif El-Sherei
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Eventum
Status tracked in Trunk
Trunk
Fix Released
High
Elan Ruusamäe
Eventum 2.3.2

Bug Description

# Exploit Title: Eventum 2.3.1 stored XSS
# Date: 19-2-2011
# Author: Saif El-Sherei
# Software Link: [download link if available]
# Version: Eventum 2.3.1
# Tested on: FF 3.0.15, IE 8

Info:

Eventum is a user-friendly and flexible issue tracking system that can be used by a support department to track incoming technical support requests, or by a software development team to quickly organize tasks and bugs.

Details:

The "Full-Name" variable is not properly santized before displayed in any page. where an authorized user can perform this attack on other users who has access to the system, by changing his own "full-name" in the prefrences section.

POC:

<script>alert9'w00t');</script>

contact:
please contact me @ my email "<email address hidden>" for confirmation.

Regards,

Saif El-Sherei
OSCP

Related branches

lp://staging/eventum
Revision history for this message
Elan Ruusamäe (glen666) wrote :

fixes applied in r4340

http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4340

Changed in eventum:
assignee: nobody → Elan Ruusamäe (glen666)
importance: Undecided → High
status: New → Fix Committed
Elan Ruusamäe (glen666)
visibility: private → public
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.