Pebble2.0.0.txt

Pebble2.0.0.txt: Posted Oct 4, 2006; Authored by Paolo Perego; Pebble 2.0.0 RC1 and 2 suffer from a cross site scripting vulnerability.; tags | advisory, xss; SHA-256 | 08a5e732869950e08e91c781c24e82104a020041dcae765ae6d6b23413dffc6f; Download | Favorite | View

Pebble2.0.0.txt

Software: Pebble
Version: 2.0.0 RC1 - 2.0.0 RC2
Author: Simon Brown
Homepage: http://pebble.sourceforge.net

Abstract
Pebble is a blogging system built upon java and XML. There is no
database to store the data into but just XML is used instead.

Description

Vulnerability: XSS vulnerability in "search" functionality. Query
string wasn't parsed for HTML and while printing it out for "Search
with google" link, the XSS can be done.

Workaround
Disable "Search with google" link in the user result page or, better,
update to the latest version in subversion.

History

Author contacted: 20 september
Author replyed: 20 september
Patch published in Subversion archive: 27 september


Disclaimer:

This advisory intended to be informational. No responsibility is taken
for its misuse.

Top Authors In Last 30 Days

Red Hat 239 files
indoushka 79 files
Ubuntu 79 files
Debian 22 files
LiquidWorm 20 files
Google Security Research 8 files
Gentoo 7 files
malvuln 6 files
Emiliano Febbi 4 files
Seth Jenkins 4 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,147)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,676)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,132)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,946)
UNIX (9,472)
UnixWare (188)
Windows (6,784)
Other

Pebble2.0.0.txt

Pebble2.0.0.txt

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Pebble2.0.0.txt

Share This

Pebble2.0.0.txt

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems