Project Open ]po[ version 3.4.x suffers from a cross site scripting vulnerability.
693ec8265e6017c96ec32e0a9eda3f7ac2b19ef5aa8ad1e93b662720d3d769b1#
# Vulnerability Title: Project Open ]po[ - "account-closed.tcl" Reflective Cross Site Scripting
# Author: Michail Poultsakis
# Date of Vendor and CERT Contact: 2011.12.08
# Publication Date: 2012.02.02
# Product Link: http://www.project-open.com
# Affected Product Version: 3.4.x
#
#
#
# Project Open ]po[ version 3.4.x suffers from a reflective Cross Site Scripting Vulnerability.
# The vulnerability resides within the "message" parameter in the "account-closed.tcl" script.
#
# http://[HOST]/register/account-closed?message=[arbitrary-JavaScript]
#
# An attacker, by crafting a malicious URL of his choosing, may force arbitrary JavaScript to be executed on the victim's browser.
#
# --- Vulnerability detected on product version 3.4. Previous product versions might also be affected. ---
#
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed