EJBCA 4.0.7 – ‘issuer’ Cross-Site Scripting

Exploit Database
80 阅读

作者： MustLive

日期： 2012-03-11
类别：
- webapps
平台：
- java
来源：https://www.exploit-db.com/exploits/36939/

source: https://www.securityfocus.com/bid/52400/info

EJBCA is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

EJBCA 4.0.7 is vulnerable; other versions may also be affected. 

http://www.example.com/ejbca/publicweb/webdist/certdist?cmd=revoked&issuer=%3Cscript%3Ealert(document.cookie)%3C/script%3E&serno=1

last Exploits
EJBCA 4.0.7 – ‘issuer’ Cross-Site Scripting的更多信息

WordPress Plugin WP-UserOnline 2.88.0 – Stored Cross Site Scripting (XSS)：
Bonefire 0.7.1 – Reinstall Admin Account：
Joomla! Component Sponsor Wall 8.0 – SQL Injection：
Oracle Reports Developer Component 12.2.1.3 – Cross-site Scripting：
Scripts Genie Hot Scripts Clone – ‘showcategory.php?cid’ SQL Injection：
Joomla! Component com_dms 2.5.1 – SQL Injection：
ICE Hrm 29.0.0.OS – ‘Account Takeover’ Cross-Site Request Forgery (CSRF)：
Teradek Slice 7.3.15 – Cross-Site Request Forgery：